By now, everyone has heard the news that Pinterest has surpassed all other social media sites and has earned the coveted spot of “number three” in terms of users behind Facebook and Twitter.

While LinkedIn and YouTube fell in the standings, Pinterest has adopted a loyal following – and especially amazing – while still in beta phase by invitation only.

According to a comScore study, the number of Pinterest users that visit the site daily has increased by 145% since the beginning of 2012.

But, before you join the Pinterest party, there are some things to keep in mind.

First, here is Pinterest’s mission in the company’s own words: “Our goal is to connect everyone in the world through the things they find interesting. We think that a favorite book, toy, or recipe can reveal a common link between two people.

With millions of new pins added every week, Pinterest is connecting people all over the world based on shared tastes and interests.”

NO PRIVACY SETTINGS

While Pinterest’s appeal is its visual-oriented content comprised of photos, images, illustrations, videos – some with links and some without – don’t get so caught up with creating categories, or in Pinterest speak, boards, that you upload personal photos with family members, personal cars, and your house or apartment with identifying details like numbers and street signs.

At the current time, there are no privacy settings similar to Facebook or Google Plus, and boards cannot be made private, similar to customized Facebook lists or customized Google Plus circles. The bottom line is that anyone with Internet access can view your boards.

COPYRIGHT INFRINGEMENT

Since the site is in beta phase, copyright and trademark police are not swimming around the site, therefore, all users must be on their best behavior about using images. Give credit if an image or link is not yours – be a respectable member of the Pinterest world.

ABOUT YOU

There is a bio section at the top of each page next to your profile photo. Don’t leave this section blank in your haste to set up your account, but don’t be overly-wordy either.

While users will learn about you from your boards and pins, everyone wants to read a quick sentence or two about you. Also, you can share your website URL, your Facebook URL, and/or your Twitter URL.

SHARING CONTENT WITH FACEBOOK AND TWITTER

Currently, you can log in to Pinterest with your Facebook or Twitter passwords. While this allows for shared content on both major sites, you can add details about your pins (in Pinterest speak, an image added on Pinterest) to Facebook and Twitter, this sharing of passwords may not be the best idea.

Consider a safer alternative – although not a quicker option – use a unique password for Pinterest, and if you want to share content on the other sites, enter the details by logging into either Facebook or Twitter separately.

COMMENTS

You can make comments about any pin. You have more than 140 characters (reference to Twitter), and everyone will be able to read your comments. Remember, similar to texts or emails, the comment could be misinterpreted, and your sense of humor may not be understood by all. So be polite, courteous, and friendly. And if you like a pin, you can always click the “like” button.

If you keep these concerns in mind, you can and will have limitless fun with Pinterest. I have become a fan and invite you to check out my Pinterest page at http://pinterest.com/tips4tech. If you'd like an invitation, comment below, and I’ll send you one.

Allan Pratt, an infosec consultant, represents the alignment of marketing, management, and technology. With an MBA Degree and four CompTIA certs in hardware, software, networking, and security, Allan translates tech issues into everyday language that is easily understandable by all business units. Expertise includes installation and maintenance of hardware, software, peripherals, printers, and wireless networking; development and implementation of integration and security plans; project management; and development of technical marketing and web strategies in the IT industry. Follow Allan on Twitter and on Facebook.

Cross-Posted from Tips4Tech

Logged

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

Many small-business owners fall below what some people call the “security poverty line." Bootstrapping entrepreneurs can be especially vulnerable to hackers because they don’t have the money or personnel to buy, install and maintain the fancy security products large companies take for granted.

On the hunt for easy pickings, hackers are attacking these security-poor businesses, typically with indiscriminate, automated assaults that could be stopped by basic security tools and computer hygiene. Seven in 10 of the cyber break-ins analyzed in Verizon’s 2012 Data Breach Investigations Report occurred at organizations with 100 employees or less.

The good news is that it can be surprisingly easy and inexpensive to mount a quality defense on a budget. We spoke with Grady Summers, a vice president at Mandiant Corp., an Alexandria, Va.-based information-security firm, and former chief information security officer at General Electric Co., to assemble a list of easy-to-use, free tools that any company -- including those without a technology staff -- can use to create a comprehensive security program to protect its network, computers and data.

While no security program is perfect, applying these free tools can defend against the most common attacks. “A small business with a part-time IT person could probably do this in a day," Summers says.

Defend your network.Most of the threats to company networks come over the Web, Summers says. He recommends using filtering software to block dangerous websites, including “phishing” sites designed to trick unwitting employees into falling for a scam or infect their computers with malware.

San Francisco-based OpenDNS offers a free, cloud-based Web filtering product that can protect a single PC or mobile device, or an entire network, from known phishing sites. OpenDNS’s paid services offer more security features and the ability to block porn and other sites companies may not want people to access while in the office.

Related: How to Avoid One of the Biggest Email Hacking Threats

To find any weak spots on your network, run a scan. Lumension Security of Scottsdale, Ariz., offers a free vulnerability scanner for checking networks of 25 or fewer computers. It can identify software vulnerabilities and misconfigurations that could put you at risk.

Also, scan your website for security vulnerabilities. Hackers often break into customer databases by striking company websites or hack sites to plant malware that will infect visitors. Qualys, a Redwood Shores, Calif., security company, offers FreeScan, a free tool for detecting security vulnerabilities in Web applications and finding malware infections and threats in websites. Users are limited to five free scans.

If you have a capable in-house technology staff, you also may want to consider using Security Onion, a compilation of free tools for intrusion detection and network monitoring.

Among the most popular free antivirus programs is one from AVG. Another is Microsoft's free basic security product Microsoft Security Essentials. It's made for consumers and businesses with 10 PCs or fewer. And firewall giant Check Point Software of Redwood City, Calif., has a free security suite that includes antivirus and a ZoneAlarm firewall that monitors traffic leaving your computer, as well as standard inbound traffic. In addition, U.K.-based Sophos offers free antivirus software for Macs.

Eliminate security vulnerabilities by applying the free fixes software makers regularly issue. To make that easy, use automatic update features for Microsoft, Apple, Adobe and other products you use. Windows users can make sure all their programs are current by using the free tool FileHippo.

Related: Three Low-Cost Ways to Keep Data Safe When Traveling for Business

Protect your data.Full disk encryption software can make company and customer data on your devices unreadable to unauthorized people. Free open-source software TrueCrypt is available for Windows, Mac and Linux machines and can be used to secure data on thumb drives and other storage devices. For Mac, Apple offers free full disk encryption dubbed FileVault2 to users with the Lion operating system.

If you have particularly sensitive information, Summers recommends creating a special encrypted area for that data with its own password. You can create this sort of encrypted “volume” with TrueCrypt and a similar Apple feature.

Also back up the data on your computers in case of loss, theft or damage. With Mozy, you can backup two gigs of data for free offsite and encrypted in Mozy’s data centers.

Logged

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

Exactly six weeks from today, Anonymous will pull off its greatest and most destructive stunt of all time: Taking down the 13 servers that act as the core address book for everything from the Web to email, essentially blacking out the Internet in a protest of copyright law and Wall Street greed.

Or far more likely, six weeks and one day from today, the hackers will announce via a very-much-still-working Internet that it was all a highly provocative April Fool’s joke, another example of the dare-you-to-react trolling that Anonymous has refined to an art form.

Earlier this week, the loose movement of hackers announced in an online statement a new collective action it’s calling “Operation Global Blackout.” On March 31, it says it plans to attack the thirteen root Domain Name Service (DNS) servers that act as the Internet’s authority on how domain names (like Google.com) are translated to the IP addresses (like 74.125.157.99) of the computers that host those sites and mail servers. If Anonymous can successfully take those root servers down for long enough, DNS could cease to function, and the Web would become at least temporarily inaccessible for most users.

“To protest [the Stop Online Piracy Act], Wallstreet, our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun, On March 31, anonymous will shut the Internet down,” reads the statement. “Remember, this is a protest, we are not trying to ‘kill’ the Internet, we are only temporarily shutting it down where it hurts the most…It may only lasts one hour, maybe more, maybe even a few days. No matter what, it will be global. It will be known.”

But the security industry’s DNS gurus say it’s not time to start downloading your backup archive of Icanhazcheezburger just yet. Rob Graham, a researcher for the security consultancy Errata Security, lists in a blog post a slew of reasons why Anonymous’ DNS attack plan won’t work. Anonymous plans to use a technique it’s calling Reflective DNS Amplification to flood the root servers with spoofed requests from the lower-level DNS servers that look to the root servers for updates. But the thirteen DNS root servers, which are hosted variously by the Pentagon, Verisign, ICANN, Maryland University, NASA and others, each use different policies and hardware, and would each respond to that technique differently, Graham says.

“A technique that might take out one of them likely won’t affect the other twelve. To have a serious shot at taking out all 13, a hacker would have to test out attacks on each one,” he writes. “But, the owners of the systems would notice the effectiveness of the attacks, and start mitigating them before the coordinate attack against all 13 could be launched.”

Moreover, there are actually many more than 13 physical servers acting as the DNS root system. A load-balancing system called Anycast means that as many as thousands of computers share the load of those servers. Taking them all out will be extremely difficult, says Graham. And since most DNS servers cache the information they receive from the root servers for as long as a day, the root servers would have to be kept offline for many hours to have any effect on users.

By announcing its attack so far in advance, Anonymous has given the administrators of the DNS system plenty of time to prepare for the attack and react as it occurs, adds Dan Kaminsky, a well-known researcher who found and helped fix a major flaw in DNS in 2008. ”Most denial of service attacks aren’t proceeded by a warning,” he says. “I’ve talked to various network engineers who are responsible for keeping these servers up, and they’re aware of the threat. They have resources already in place. Anyway, [Anonymous'] disclosure is appreciated.”

Anonymous isn’t the first to try to take down DNS–in fact, it seems to happen every five years or so. In 2002, a similar denial of service attack hit the DNS root servers. A portion of the 13 were taken offline, but without visible results for users. In 2007, a pair of attacks on the root servers struck back-to-back, affecting six servers and taking two offline. But the other servers’ load-balancing technology stood up to the attacks.

All of this isn’t to say Anonymous has no chance of taking out DNS for any period of time–only that it’s extremely unlikely. It’s far more probable, says Kaminsky, that the announcement of ”Operation Global Blackout” is simply the kind of highly provocative, attention-grabbing stunt that often characterizes Anonymous’ actions. “It doesn’t go unnoticed that Anonymous is talking about this the day before April Fool’s,” he says.

He compares the hackers’ announcement to the flurry of attention around the Conficker Worm, which infected 10 million computers in 2009 and was widely reported to be set to launch some sort of attack on the Internet on April 1st of that year. The fact that Anonymous chose nearly the same date may be more than a coincidence. “When you set a deadline, the press gets all ‘doomsday is coming,’ and that’s more disruptive than any actual outage,” says Kaminsky. “Anonymous doesn’t need to do anything on March thirty-first. The mere threat is enough to keep people talking about them and what they represent.”

Logged

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

The Information Assurance Directorate (IAD) at NSA recently released a new technical guide entitled, Best Practices for Securing a Home Network. This is one of many guidance documents IAD freely provides to customers outlining practical tips for improving the security of all kinds of applications, operating systems, routers, databases and more. IAD has been providing unclassified security guidance to customers for over ten years. This guidance could not be timelier in light of the increasing threats to U.S. government networks. This latest guide will go a long way in helping our customers protect both their public and private networks. Click here to view the Guide.

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

The nature of science fiction has always been thus: no matter how far ahead authors try to think, they are always trapped in their own times. Elements of their books will invariably look dated from the moment they are published.

Ray Bradbury, who died in Los Angeles Wednesday at the grand old age of 91, was as susceptible to this as any other grand master of the genre. Read his 1953 classic of future firemen who burn books, Fahrenheit 451, and you’ll run into plenty of quaint details. Firemen smoking tobacco pipes, lit with “chemical matches.” Cheesy ads for “Denham’s Dentrifice.” 1950s lingo such as “swell”.

But brush those quirks aside, and what you’re left with is one of the most shockingly prescient dystopias ever written — a far more accurate portrayal of our present problems than 1984 or anything in the works of Philip K Dick.

The most important thing to know about Fahrenheit 451 is that it is explicitly not about government censorship. (Bradbury was so firm on this point he once walked out of a UCLA class when his students tried to insist it was so.)

The firemen aren’t burning books on the orders of some shadowy Big Brother. They’re doing it, protagonist Guy Montag is told, because society as a whole turned away from the scary cacophony of knowledge, from the terror of differing opinions and the burden of having to choose between them, from deep and troubling thoughts.

We turned away from literature and towards vapid reality television and radio shows, the book says. We spurned any kind of poetry (Montag’s wife Millie slams Matthew Arnold’s classic Dover Beach as depressing and “disgusting”) and preferred to listen to the noise of our cars as they speed across the landscape at 100 mph.

Even when Guy wants to read his stolen books, he can’t, because the ubiquitous ads drown out his thoughts.

Any of this starting to sound familiar?

Guy and Millie Montag are disconnected by technology. They can’t talk in bed at night because Millie is listening to her “audio seashells” (headphones, basically).

She participates in a reality show with an on-screen “family”, begging her husband for more wall-sized TV screens to complete the experience. The “family” bicker and shout, but there’s very little plot to their show.

Millie can’t even remember how she and Guy met, ten years earlier. That’s some pretty advanced ADD — years before ADD was even defined as a condition.

Meanwhile, somewhere in the background, there’s a longstanding war going on with another unnamed nation; a war that hardly any of the population is paying attention to. They’re much more interested in watching a high-tech police force hunt down criminals live on TV.

Add it all up, and it’s a pretty convincing picture of the 21st century’s dark side. No, our firemen don’t burn books. But if you take that as a metaphor for a fast-paced society that increasingly ignores books, that simply doesn’t have the bandwidth for them — it completes a scarily accurate portrait.

So you want to honor Bradbury’s memory? Read a novel. Read poetry. Read something that disagrees with your viewpoint; heck, read something that disagrees with itself.

But whatever you do, don’t get too hung up on the format. On combustible paper or on a tablet, a novel is a novel. Bradbury may hardly have been the world’s biggest tech geek, but he did eventually allow Fahrenheit 451 to be released as an e-book.

On his website, you can watch videos of the writer explaining that technology, that the world of the Internet, is not inherently at fault; it’s how we use them that counts.

So use them wisely. Focus. Take off your audio seashells. Turn off that reality show. Build our desire for knowledge; don’t burn it.

Every time a reader asks me a basic question, struggles with a computer or lets a cellphone keep ringing at a performance, I have the same thought: There ought to be a license to use technology.

To reduce blur with an iPhone, frame the shot with your finger already on the button, then snap the photo by lifting off the screen instead of tapping it.

Using a special app to scan a QR code — quick response bar codes -- with an iPhone’s or Android phone’s camera will translate it into an ad or take you to a related Web page.

I’m not trying to insult America’s clueless; exactly the opposite, in fact. How is the average person supposed to know the essentials of their phones, cameras and computers? There’s no government leaflet, no mandatory middle-school class, no state agency that teaches you some core curriculum. Instead, we muddle along, picking up scattershot techniques as we go. We wind up with enormous holes in our knowledge.

This week, for example, a reader asked me about those weird, square, pixelated black-and-white bar codes that are cropping up on billboards, movie posters, signs, magazine ads and business cards. Nobody ever bothered to explain them. (They’re QR codes — quick response bar codes. You can scan them with your iPhone’s or Android phone’s camera, using a special app that translates it into an ad or takes you to a related Web page.)

That interaction made me realize that it’s time to publish the first installment of what should be the Big Book of Basic Technology Knowledge — the prerequisite for using electronics in today’s society. Some may seem basic, but you’ll probably find at least a couple of “I didn’t know thats!” among them.

Cellphones

¶ Searching for a signal scarfs up battery juice appallingly quickly. Turn your phone off, or put it into Airplane Mode, before you travel out of cellphone range — for example, on a plane or, for AT&T users, Manhattan and San Francisco.

¶ When you need the phone number, address or directions for any commercial establishment, call 800-BING-411 for an amazingly good voice-activated agent. (Thank you, Microsoft.)

¶ You can skip the inane 15-second voice-mail instructions when leaving a message (“To page this person, press 5”) — if you know your friend’s cellphone carrier. If it’s Verizon, press * to cut directly to the beep. AT&T or Sprint, press 1. T-Mobile, press #. (Better yet: Do the world a favor and add this trick to your own greeting: “To cut to the beep, press 1.”)

¶ If you travel overseas, you may return to a smartphone bill for $5,000 or more, thanks to the staggering international Internet fees. (You might not even know your phone is online — if it checks e-mail every 15 minutes, for example.) Despite many well-publicized horror stories, some people still don’t realize they should call the cellphone company before traveling to buy a special temporary overseas plan.

Cameras

¶ The half-press trick eliminates the frustrating delay when you press a pocket camera’s shutter button. Frame your shot, then half-press the shutter button. The camera beeps when it has locked focus — and that’s the time-consuming part. When pushed the rest of the way down, you snap the picture instantly. No lag.

¶ Your flash is useless if the subject is more than about eight feet away. Turn it off. (This means you, concertgoers and football fans.)

¶ If you erase photos from your memory card accidentally, you can still recover them if you haven’t used the card since. For about $30, you can download memory-card recovery programs; Google “memory card recovery” to find them.

App Phones

¶ On the iPhone, the camera doesn’t snap the photo until you release the on-screen shutter button. That’s good to know if you want a steady, blur-free shot. Frame the shot with your finger on the button, then snap the photo by lifting off the screen instead of tapping it.

¶ On iPhone, Android, BlackBerry and Palm/H.P. phones, tap the Space bar twice at the end of a sentence. You get a period, a space and a capitalized next letter, without hunting for punctuation keys.

¶ Also on those phones, you can type dont, wont, youre, didnt and so on. The phone adds the apostrophe to those automatically. (But you’ll have to learn the difference between it’s and its.)

¶ On a BlackBerry, hold a letter key down to capitalize it.

The Web

¶ You can press Alt+D to highlight the Address bar at the top of your Web browser. Without touching the mouse, type the site name you want.

¶ You don’t have to type “http://www” into your Web browser. Just type “nytimes.com” or “dilbert.com,” for example. In Safari or Firefox, you can even omit the “.com.” In Internet Explorer, you can press Ctrl+Enter to add “.com,” or Ctrl+Shift+Enter for “.org.”

¶ You can tap the Space bar to scroll down by one screenful. Add the Shift key to scroll back up again. (You can also hit the Page Up/Page Down keys, if you have them.)

¶ When you’re filling an order form, you don’t have to slide six miles down the pop-up menu to choose your state. Instead, type the first letter to select it without the mouse. (If you get the wrong state, press the same key again. For example, press C once for California, again for Colorado and a third time for Connecticut.)

¶ When you get an error message — in a program, on your smartphone, on your tablet — search it on Google. You’ll find out what it means instantly.

¶ If you’re trying to paste some ridiculously long Web address where it would be confusing to read (or impossible to fit, as on Twitter), visit a site like Tinyurl.com or Bit.ly. These free sites convert long addresses into very compact ones.

Editing Text

¶ You can double-click a word to highlight it. (You don’t have to drag the mouse across it, in other words.) You can triple-click a word to select the entire paragraph.

¶ When you see highlighted text — in your word processor, for example, or in a Web browser address bar — you don’t have to delete it first. Just start typing.

¶ Sick of how Word automatically creates clickable links, boldface words, indented bulleted or numbered lists and other formatting as you type?The on/off switches for these features exist, but they’re well hidden. In Word 2010 (Windows), open the File menu; click Options, Proofing, AutoCorrect Options, then AutoFormat Options. On the Mac (Word 2011), open the Tools menu; click AutoCorrect, then AutoFormat As You Type.

Mac Specials

¶ When you buy something online, don’t waste paper by printing the confirmation page. Instead, choose Print, and from the PDF pop-up menu, choose “Save PDF to Web Receipts Folder.” You get a beautiful PDF copy stashed in Documents, in a folder called Web Receipts.

¶ You can view most documents without opening a program to do it. At the desktop, highlight the icon and then tap the Space bar — a fantastic way to preview photos, but also great for Office documents, PDF files, movies, sounds and so on.

¶ Press Command-Delete to put a highlighted icon into the Trash.

Windows Specials

¶ When you want to send a file to someone, right-click its icon; from the shortcut menu, choose Send to Mail Recipient. Windows thoughtfully creates an outgoing e-mail message with the file attached. (If it’s a photo, Windows even offers to let you shrink them down to reasonable e-mailable size.)

¶ Ever wonder about the Windows-logo key? It sets off a host of useful functions: press it with F for Find, with D to see the desktop with all windows hidden, with L to lock the screen while you wander off to get coffee, and so on.

¶ You don’t have to pay for antivirus and anti-spyware software, year after year. Microsoft offers a perfectly good free security program.

All right, there’s a start. There are more waiting for you atnytimes.com/pogue.Here’s hoping that your tech knowledge is just a little less sketchy.E-mail: pogue@nytimes.com

Presented with 10 million digital images found in YouTube videos, what did Google’s brain do? What millions of humans do with YouTube: looked for cats.

The neural network taught itself to recognize cats, which is actually no frivolous activity. This week the researchers will present the results of their work at a conference in Edinburgh, Scotland. The Google scientists and programmers will note that while it is hardly news that the Internet is full of cat videos, the simulation nevertheless surprised them. It performed far better than any previous effort by roughly doubling its accuracy in recognizing objects in a challenging list of 20,000 distinct items.

Yahoo email addresses were hacked. Gmail, MSN, Hotmail, Comcast and AOL accounts have also been hacked. Here's the article with the link to check if your email address was one of those posted online with the password.http://mashable.com/2012/07/12/yahoo-voices-hacked/

Some of you might recall George Gilder's notion of "storewidth" - the need for massive storage to house all the data that his glowing efflorescence of globe-circling light would require. The article below asks the consequent question.D.

It is not news that our capacity to gather and store immense amounts of data has grown by leaps and bounds. A few years ago, it was unthinkable for a free email account to offer more than 10 or 20 megabytes of storage. Today, one stores thousands of times that amount. But that's barely scratching the surface compared to the truly massive data collection projects now under way.

The Large Synoptic Survey Telescope is slated to come online in 2016. When it's operational, estimates are that it will acquire knowledge of our universe at the rate of 140 terabytes of data every five days, or better than 10 petabytes a year - that's 10,000,000,000,000,000 bytes per year, or more data than in every book ever written accruing about every two days. And who knows how much info the Large Hadron Collider will be spewing out by then? In 2010 alone, the LHC gathered 13 petabytes' worth. And then there's Google, processing in the neighborhood of 24 petabytes. Per day.

Only a few years ago, a gigabyte (one billion bytes) was thought to be a lot of data. Now it's nothing. Even home hard drives can store a terabyte (one trillion) these days. The commercial and governmental sectors regularly handle petabytes (quadrillion), while researchers routinely chat about the looming frontiers: exabytes (quintillion), zettabytes (sextillion), and yottabytes (septillion). It has not been necessary to name the next one after that. Yet.

But it's not just the Googles and NASAs of the world that are dealing with that kind of data. Virtually every Fortune 500 company in the world has a massive data warehouse where it's accumulated millions of documents and billions of data records from inventory systems, ecommerce systems, and marketing-analytics software.

You bump up against this kind of massive data collection every time you swipe your credit card at Walmart. The retail giant processes more than a million transactions just like yours every hour and dumps the results into a database that currently contains more than 2.5 petabytes of data. That's equivalent to all the information contained in all the books in the Library of Congress about 170 times over.

These increasingly large mounds of data have begun to befuddle even the geekiest members of those organizations.Our ability to collect massive amounts of data continues to grow at an exponential rate. But the more we collect, the harder it becomes to derive anything meaningful from it. After all, what on earth do youdo with all this stuff? How do you sort it? How do you search it? How do you analyze it so that something useful comes out the other end? That's the problem facing developers for whom the traditional tools of database management are powerless in the face of such an onslaught. Data stores have far outgrown our ability to keep the data neat, clean, and tidy, and hence easy to analyze. What we have now is a mess of varying types of data - with moving definitions, inconsistent implementations, even the equivalent of digital freeform - that needs to be analyzed at a massive scale. It's a problem both of size and complexity.Which brings us face to face with the hottest tech buzz words of 2012: Big Data.

Supersized Us

The idea that data can be supersized is, of course, not new. But what is new is a convergence of technologies that deal with it in some efficient, innovative, and highly creative ways. Though Big Data is a market that's still in its infancy, it is consuming increasingly large chunks of the nation's overall IT budget. How much actually is being spent depends on how you define the term; hard numbers are impossible to come by. Conservative estimates claim we're headed to somewhere between $20 and $55 billion by 2015. Out at the high end, Pat Gelsinger, COO of data-storage giant EMC, claims that it is already a $70-billion market - and growing at 15-20% per year.

Take your pick. But regardless, it's small wonder that venture capitalists are falling all over themselves to throw money at this tech. Accel Partners launched a $100 million Big Data fund last November, and IA Ventures initiated its $105-million IAVS Fund II in February. Even American Express has ponied up $100 million to create a fund to invest in the sector.Down in Washington, DC, the White House has predictably jumped into the fray, with an announcement on March 29 that it was committing $200 million to develop new technologies to manipulate and manage Big Data in the areas of science, national security, health, energy, and education.

John Holdren, director of the White House's Office of Science and Technology Policy, paid lip service to the private sector, saying that while it "will take the lead on big data, we believe that the government can play an important role, funding big data research, launching a big data workforce, and using big data approaches to make progress on key national challenges."At the same time, The National Institute of Standards and Technology (NIST) will be placing a new focus on big data.

According to IT Lab Director Chuck Romine, NIST will be increasing its work on standards, interoperability, reliability, and usability of big data technologies, and predicts that the agency will "have a lot of impact on the big data question."

CRM = customer resource management

ERP = enterprise resource planning

ETL = extract, transform, and load

HDFS = Hadoop distributed file system for Big Data

SQL = a programming language for managing relational databases

NoSQL = not just SQL

NGDW = next generation data warehouse kjlkjlk

No shocker, the Department of Defense is also already hip-deep in the sector, planning to spend about $250 million annually - including $60 million committed to new research projects - on Big Data. And of course you know that DARPA (the Defense Advanced Research Projects Agency) has to have its finger in the pie. It's hard at work on the XDATA program, a $100-million effort over four years to "develop computational techniques and software tools for sifting through large structured and unstructured data sets."

If much of this seems a bit fuzzy, here's an easy way of thinking about it: Suppose you own the mineral rights to a square mile of the earth. In this particular spot, there were gold nuggets lying on the surface and a good deal more accessible gold just below ground, and you've mined all of that. Your operation thus far is analogous to the stripping of chunks of useful information from the available data using traditional methods.

But suppose there is a lot more gold buried deeper down. You can get it out and do so cost-effectively, but in order to accomplish that you have to sink mine shafts deep into the earth and then off at various angles to track the veins of precious-metal-bearing rock (the deepest mine on earth is in South Africa, and it plunges two miles down). That's a much more complex operation, and extracting gold under those conditions is very like pulling one small but exceedingly useful bit of information out of a mountain-sized conglomeration of otherwise-useless Big Data.

So how do you do it?

You do it with an array of new, exciting, and rapidly evolving tools. But in order to understand the process, you'll first have to learn the meaning of some acronyms and terms you may not yet be familiar with. Sorry about that.With these in mind, we can now interpret this diagram, courtesy of Wikibon, which lays out the traditional flow of information within a commercial enterprise:

Here you can see that data generated by three different departments - customer resource management, enterprise resource planning, and finance - are funneled into a processor that extractsthe relevant material, transforms it into a useful format (like a spreadsheet), and loads it into a central storage area, the relational database warehouse. From there, it can be made available to whichever end user wants or needs it, either someone within-house or an external customer.

Enter the Elephant

The old system works fine within certain parameters. But in many ways, it's becoming Stone-Age stuff, because: The raw amount of input must not be too large; it must be structured in a way that is easy to process (traditionally, in rows and columns); and the desired output must not be too complex. Heretofore, as businesses were interested mainly in such things as generating accurate financial statements and tracking customer accounts, this was all that was needed.However, potential input that could be of value to a company has increased exponentially in volume and variety, as well as in the speed at which it is created. Social media, as we all know, have exploded. 700 million Facebook denizens, a quarter of a billion Twitter users, 150 million public bloggers - all these and more are churning out content that is being captured and stored. Meanwhile, 5 billion mobile-phone owners are having their calls, texts, IMs, and locations logged. Online transactions of all different kinds are conducted by the billions every day. And there are networked devices and sensors all over the place, streaming information.

This amounts to a gargantuan haystack. And what is more, much of this haystack consists of material that is only semi-structured, if not completely unstructured, making it impossible for traditional processing systems to handle. So if you're combing the hay, looking for the golden needle - let's say, two widely separated but marginally related data points that can be combined in a meaningful whole for you - you won't be able to find it without a faster and more practical method of getting to the object of your search. You must be able to maneuver through Big Data.

Some IT pros could see this coming, and so they invented - ta dah - a little elephant:

Apache.org

Hadoop was originally created by Doug Cutting at Yahoo! and was inspired by MapReduce, a tool for indexing the Web that was developed by Google. The basic concept was simple: Instead of poking at the haystack with a single, big computer, Hadoop relies on a series of nodes running massively parallel processing (MPP) techniques. In other words, it employs clusters of the smaller, less-expensive machines known as "commodity hardware" - whose components are common and unspecialized - and uses them to break up Big Data into numerous parts that can be analyzed simultaneously.

That takes care of the volume problem and eliminates the data-ingesting choke point caused by reliance on a single, large-box processor. Hadoop clusters can scale up to the petabyte and even exabyte level.

But there's also that other obstacle - namely, that Big Data comes in semi- or unstructured forms that are resistant to traditional analytical tools. Hadoop solves this problem by creating a default file storage known as the Hadoop Distributed File System (HDFS). HDFS is specially tailored to store data that aren't amenable to organization into the neatly structured rows and columns of relational databases.

After the node clusters have been loaded, queries can be written to the system, usually in Java. Instead of returning relevant data to be worked on in some central processor, Hadoop causes the analysis to occur at each node simultaneously. There is also redundancy, so that if one node fails, another preserves the data.

The MapReduce part of Hadoop then goes to work according to its two functions. "Map" divides the query into parts and parallel processes it at the node level. "Reduce" aggregates the results and delivers them to the inquirer.

After processing is completed, the resulting information can be transferred into existing relational databases, data warehouses, or other traditional IT systems, where analysts can further refine them. Queries can be written in SQL - a language with which more programmers are familiar - and converted into MapReduce.

One of the beauties of Hadoop - now a project of the Apache Software Foundation - is that it is open source. Thus, it's always unfinished. It evolves, with hundreds of contributors continuously working to improve the core technology.

Now trust us, the above explanation is pared down to just the barest of bones of this transformational tech. If you're of a seriously geeky bent (want to play in your very own Hadoop sandbox? - you can: the download is free) or are simply masochistic, you can pursue the subject down a labyrinth that'll force you to learn about a bewildering array of Hadoop subtools with such colorful names as Hive, Pig, Flume, Oozie, Avro, Mahout, Sqoop, and Big Top. Help yourself.

Numerous small startups have, well, started up in order to vend their own Hadoop distributions, along with different levels of proprietary customization. Cloudera is the leader at the moment, as its big-name personnel lineup includes Hadoop creator Cutting and data scientist Jeff Hammerbacher from Facebook. Alternatively, there is Hortonworks, which also emerged from Yahoo! and went commercial last November. MapR is another name to watch. Unfortunately, the innovators remain private, and there are no pure-investment plays as yet in this space.

It isn't simply about finding that golden needle in the haystack, either. The rise of Hadoop has enabled users to answer questions no one previously would have thought to ask. Author Jeff Kelly, writing onWikibon, offers this outstanding example (emphasis ours):

"ocial networking data [can be] mined to determine which customers pose the most influence over others inside social networks. This helps enterprises determine which are their 'most important' customers, who are not always those that buy the most products or spend the most but those that tend to influence the buying behavior of others the most."Brilliant - and now possible.

Hadoop is, as noted, not the be-all and end-all of Big-Data manipulation. Another technology, called the "next generation data warehouse" (NGDW), has emerged. NGDWs are similar to MPP systems that can work at the tera- and sometimes petabyte level. But they also have the ability to provide near-real-time results to complex SQL queries. That's a feature lacking in Hadoop, which achieves its efficiencies by operating in batch-processing mode.

The two are somewhat more complementary than competitive, and results produced by Hadoop can be ported to NGDWs, where they can be integrated with more structured data for further analysis. Unsurprisingly, some vendors have appeared that offer bundled versions of the different technologies.

For their part, rest assured that the major players aren't idling their engines on the sidelines while all of this races past. Some examples: IBM has entered the space in a big way, offering its own Hadoop platform; Big Blue also recently acquired a leading NGDW, as did HP; Oracle has a Big-Data appliance that joins Hadoop from Cloudera with its own NoSQL programming tools; EMC scooped up Hadoop vendor Greenplum; Amazon employs Hadoop in its Elastic MapReduce cloud; and Microsoft will support Hadoop on its Azure cloud.

And then there's government. In addition to the executive-branch projects mentioned earlier, there is also the rather creepy, new, $2-billion NSA facility being built in Utah. Though its purpose is top secret, what is known is that it's being designed with the capability of storing and analyzing the electronic footprint - voice, email, Web searches, financial transactions, and more - of every citizen in the US. Big Data indeed.

The New Big World

From retail to finance to government to health care - where an estimated $200 billion a year could be saved by the judicious use of Big Data - this technology is game-changing. Not necessarily for the better, as the superspy facility may portend.And even outside the NSA, there are any number of serious implications to deal with. Issues related to privacy, security, intellectual property, liability, and much more will need to be addressed in a Big-Data world.

We'd better get down to it, because this tech is coming right at us - and it is not stoppable.

In fact, the only thing slowing it at all is a shortage of expertise. It's happened so fast that the data scientists with the proper skill sets are in extremely short supply - a situation that is projected to get worse before it gets better. Management consulting firm McKinsey & Co. predicts that by 2018, "the United States alone could face a shortage of 140,000 to 190,000 people with deep analytical skills, as well as [a further shortage of] 1.5 million managers and analysts with the know-how to use the analysis of big data to make effective decisions."

If you know any bright young kids with the right turn of mind, this is definitely one direction in which to steer them.The opportunity exists not just for aspiring information-miners. Just as the relational database - which started as a set of theoretical papers by a frustrated IBM engineer fed up with the current status quo in the field - has grown from academic experiments and open-source projects into a multibillion-dollar-per-year industry with players like Microsoft and Oracle and IBM, so too is Big Data in the beginning of a rapid growth curve. From today's small companies and hobby projects will come major enterprises. Stories like MySQL - an open-source project acquired by Sun Microsystems for $1 billion in 2008 - are coming in Big Data.

The U.S. Department of Justice, in a first for the agency, said Tuesday it shut three Websites that allegedly catered to customers seeking illegal copies of copyrighted apps for the Android-based mobile devices and seized the domain names: applanet.net, appbucket.net and snappzmarket.com.

The seizures are the latest in an ongoing effort by DOJ to target piracy on the Internet. In recent years, the Justice Department has moved to seize a variety of websites offering illegal copies of big-budget movies and other content.

On Tuesday, Assistant U.S. Attorney General Lanny Breuer said combating piracy of copyrighted works remains a “top priority” for DOJ’s Criminal Division.

As part of the operation, Federal Bureau of Investigation agents downloaded thousands of copies of popular mobile device apps from online markets suspected of distributing copies of those apps without permission from software developers who would normally sell them for a fee, the Justice Department said.

In many cases, the servers storing the apps were hosted overseas, DOJ said. French and Dutch law enforcement were among the international agencies who coordinated with U.S. officials in the operation.

“Criminal copyright laws apply to apps for cell phones and tablets, just as they do to other software, music and writings,” said Sally Quillian Yates, the U.S. attorney in Atlanta, which sought the seizure orders. “These laws protect and encourage the hard work and ingenuity of software developers entering this growing and important part of our economy.”

Representatives for the seized websites couldn’t immediately be located for comment Wednesday.

Winning the Internet Arms Race The threat to cyber freedom is growing, and countering it takes action—not rhetoric..Article Comments (3) more in Opinion | Find New $LINKTEXTFIND$ ».smaller Larger facebooktwittergoogle pluslinked ininShare.0EmailPrintSave ↓ More ..smaller Larger By CRAIG A. NEWMAN In the days since three feminist punk-rockers in Russia were sentenced to prison terms for protesting against Vladimir Putin, Western leaders have denounced the government's actions. The Pussy Riot trial was a particularly egregious effort to stifle dissent. But democratic leaders are failing to connect the episode to what is clearly a growing, world-wide attack on free speech, particularly on the Internet.

Recognizing the threat that online speech represents to their illegitimate regimes, dictators around the world have intensified their fight against communications technology. Many of these efforts are clandestine, but not always.

Russia, China, North Korea and a host of other countries are seeking to advance their repressive agendas at the United Nations' inaugural World Conference on International Telecommunications, set for December in Dubai.

These countries are pushing for the International Telecommunication Union (ITU), a United Nations treaty organization, to expand its mandate to include "regulation" of the Internet. This expansion would allow dictators to advocate treaty changes that could have the effect of legitimizing their censorship efforts.

One provision that will be considered at the conference would permit a country to limit unrestricted Internet access if international telecommunications services are used to interfere with its "internal affairs." Such language, if adopted, would give repressive regimes a broad, and U.N.-sanctioned, excuse to clamp down on free speech.

Whatever the outcome in Dubai, one thing is clear: The struggle for Internet freedom requires more action—especially to support new technologies and applications—and less rhetoric.

Enlarge Image

CloseAFP/Getty Images

Supporters of the Russian punk band 'Pussy Riot' protest in front of the Russian embassy in Warsaw on August 17..The well intended but empty words of democratic leaders and the failed diplomacy of bureaucrats are doing little to curtail Internet suppression. Just weeks ago, for example, the U.N. passed a resolution affirming Internet freedom as a basic human right. But the resolution, signed by China and other nations that routinely censor the Internet, was nonbinding and unlikely to change a thing.

Meanwhile, as the West goes through the diplomatic motions, activists are fighting bare-knuckles on the cyber streets—using technology to open the doors of free dialogue. Their effort deserves the direct support of the U.S. and other democratic countries.

The building blocks to sustain this movement are already in place. Nongovernmental organizations such as Advancing Human Rights now use Internet technology as a primary weapon. These veteran activists have decided that the best way around a dictator's iron fist is the Internet.

One of the activists' new tools: the "Internet in a suitcase." With help from the U.S. State Department and the New America Foundation, a Washington-based think tank, developers built a small unit that can circumvent Internet restrictions. Using everyday materials that can be smuggled into contested regions, the suitcase provides dissidents with independent Internet access. The first field deployment of such technology was reportedly in Afghanistan as early as 2006, when a shadow digital network was created to allow uncensored and unrestricted cellphone and Internet service.

At an even more basic level, activists are being supported by smartphone applications, including a "panic button" that allows users to instantly wipe clean their mobile devices and send alerts to associates. With the critical importance of mobile communications, this technology gives users the confidence they can communicate sensitive information without incriminating themselves or their allies if their equipment is confiscated. With just a keystroke, dissidents can prevent information from falling into the wrong hands, and warn others of pending danger.

But the ultimate impact of these and other tech solutions will depend on how fully they are supported. As Assistant Secretary of State Michael Posner acknowledged in 2011, repressive regimes and democratic dissidents are essentially locked in a technological arms race.

It will take time, money and partnerships to win the race. The public and private sectors have provided modest financial and technical support. But now is the time for peace- and freedom-loving organizations of all kinds to step forward with sustained funding and other assistance for communications technologies that empower citizens.

Every human-rights movement hinges on a moment when the focus shifts away from words toward action. The fight for Internet freedom has reached just such a pivotal moment.

Mr. Newman, an attorney with Richards Kibbe & Orbe LLP, is CEO of the Freedom2Connect Foundation, a Washington-based nonprofit established to promote Internet freedom through the use of technology.

Part 1: How Apple and Amazon Security Flaws Led to My Epic HackingMat Honan

In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.

In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc. Lulz.

Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location.

Those security lapses are my fault, and I deeply, deeply regret them.

But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.

This isn’t just my problem. Since Friday, Aug. 3, when hackers broke into my accounts, I’ve heard from other users who were compromised in the same way, at least one of whom was targeted by the same group.

Moreover, if your computers aren’t already cloud-connected devices, they will be soon. Apple is working hard to get all of its customers to use iCloud. Google’s entire operating system is cloud-based. And Windows 8, the most cloud-centric operating system yet, will hit desktops by the tens of millions in the coming year. My experience leads me to believe that cloud-based systems need fundamentally different security measures. Password-based security mechanisms — which can be cracked, reset, and socially engineered — no longer suffice in the era of cloud computing.

I realized something was wrong at about 5 p.m. on Friday. I was playing with my daughter when my iPhone suddenly powered down. I was expecting a call, so I went to plug it back in.

It then rebooted to the setup screen. This was irritating, but I wasn’t concerned. I assumed it was a software glitch. And, my phone automatically backs up every night. I just assumed it would be a pain in the ass, and nothing more. I entered my iCloud login to restore, and it wasn’t accepted. Again, I was irritated, but not alarmed. I went to connect the iPhone to my computer and restore from that backup — which I had just happened to do the other day. When I opened my laptop, an iCal message popped up telling me that my Gmail account information was wrong. Then the screen went gray, and asked for a four-digit PIN.

I didn’t have a four-digit PIN.

By now, I knew something was very, very wrong. For the first time it occurred to me that I was being hacked. Unsure of exactly what was happening, I unplugged my router and cable modem, turned off the Mac Mini we use as an entertainment center, grabbed my wife’s phone, and called AppleCare, the company’s tech support service, and spoke with a rep for the next hour and a half.

It wasn’t the first call they had had that day about my account. In fact, I later found out that a call had been placed just a little more than a half an hour before my own. But the Apple rep didn’t bother to tell me about the first call concerning my account, despite the 90 minutes I spent on the phone with tech support. Nor would Apple tech support ever tell me about the first call voluntarily — it only shared this information after I asked about it. And I only knew about the first call because a hacker told me he had made the call himself.

At 4:33 p.m., according to Apple’s tech support records, someone called AppleCare claiming to be me. Apple says the caller reported that he couldn’t get into his Me.com e-mail — which, of course was my Me.com e-mail.

In response, Apple issued a temporary password. It did this despite the caller’s inability to answer security questions I had set up. And it did this after the hacker supplied only two pieces of information that anyone with an internet connection and a phone can discover.

At 4:50 p.m., a password reset confirmation arrived in my inbox. I don’t really use my me.com e-mail, and rarely check it. But even if I did, I might not have noticed the message because the hackers immediately sent it to the trash. They then were able to follow the link in that e-mail to permanently reset my AppleID password.

At 5:02 p.m., they reset my Twitter password. At 5:00 they used iCloud’s “Find My” tool to remotely wipe my iPhone. At 5:01 they remotely wiped my iPad. At 5:05 they remotely wiped my MacBook. Around this same time, they deleted my Google account. At 5:10, I placed the call to AppleCare. At 5:12 the attackers posted a message to my account on Twitter taking credit for the hack.

By wiping my MacBook and deleting my Google account, they now not only had the ability to control my account, but were able to prevent me from regaining access. And crazily, in ways that I don’t and never will understand, those deletions were just collateral damage. My MacBook data — including those irreplaceable pictures of my family, of my child’s first year and relatives who have now passed from this life — weren’t the target. Nor were the eight years of messages in my Gmail account. The target was always Twitter. My MacBook data was torched simply to prevent me from getting back in.

Lulz.

I spent an hour and a half talking to AppleCare. One of the reasons it took me so long to get anything resolved with Apple during my initial phone call was because I couldn’t answer the security questions it had on file for me. It turned out there’s a good reason for that. Perhaps an hour or so into the call, the Apple representative on the line said “Mr. Herman, I….”

“Wait. What did you call me?”

“Mr. Herman?”

“My name is Honan.”

Apple had been looking at the wrong account all along. Because of that, I couldn’t answer my security questions. And because of that, it asked me an alternate set of questions that it said would let tech support let me into my me.com account: a billing address and the last four digits of my credit card. (Of course, when I gave them those, it was no use, because tech support had misheard my last name.)

It turns out, a billing address and the last four digits of a credit card number are the only two pieces of information anyone needs to get into your iCloud account. Once supplied, Apple will issue a temporary password, and that password grants access to iCloud.

Apple tech support confirmed to me twice over the weekend that all you need to access someone’s AppleID is the associated e-mail address, a credit card number, the billing address, and the last four digits of a credit card on file. I was very clear about this. During my second tech support call to AppleCare, the representative confirmed this to me. “That’s really all you have to have to verify something with us,” he said.

We talked to Apple directly about its security policy, and company spokesperson Natalie Kerris told Wired, “Apple takes customer privacy seriously and requires multiple forms of verification before resetting an Apple ID password. In this particular case, the customer’s data was compromised by a person who had acquired personal information about the customer. In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers’ data is protected.”

On Monday, Wired tried to verify the hackers’ access technique by performing it on a different account. We were successful. This means, ultimately, all you need in addition to someone’s e-mail address are those two easily acquired pieces of information: a billing address and the last four digits of a credit card on file. Here’s the story of how the hackers got them.

On the night of the hack, I tried to make sense of the ruin that was my digital life. My Google account was nuked, my Twitter account was suspended, my phone was in a useless state of restore, and (for obvious reasons) I was highly paranoid about using my Apple email account for communication.

I decided to set up a new Twitter account until my old one could be restored, just to let people know what was happening. I logged into Tumblr and posted an account of how I thought the takedown occurred. At this point, I was assuming that my seven-digit alphanumeric AppleID password had been hacked by brute force. In the comments (and, oh, the comments) others guessed that hackers had used some sort of keystroke logger. At the end of the post, I linked to my new Twitter account.

And then, one of my hackers @ messaged me. He would later identify himself as Phobia. I followed him. He followed me back.

We started a dialogue via Twitter direct messaging that later continued via e-mail and AIM. Phobia was able to reveal enough detail about the hack and my compromised accounts that it became clear he was, at the very least, a party to how it went down. I agreed not to press charges, and in return he laid out exactly how the hack worked. But first, he wanted to clear something up:

“didnt guess ur password or use bruteforce. i have my own guide on how to secure emails.”

I asked him why. Was I targeted specifically? Was this just to get to Gizmodo’s Twitter account? No, Phobia said they hadn’t even been aware that my account was linked to Gizmodo’s, that the Gizmodo linkage was just gravy. He said the hack was simply a grab for my three-character Twitter handle. That’s all they wanted. They just wanted to take it, and fuck shit up, and watch it burn. It wasn’t personal.

“I honestly didn’t have any heat towards you before this. i just liked your username like I said before” he told me via Twitter Direct Message.

After coming across my account, the hackers did some background research. My Twitter account linked to my personal website, where they found my Gmail address. Guessing that this was also the e-mail address I used for Twitter, Phobia went to Google’s account recovery page. He didn’t even have to actually attempt a recovery. This was just a recon mission.

Because I didn’t have Google’s two-factor authentication turned on, when Phobia entered my Gmail address, he could view the alternate e-mail I had set up for account recovery. Google partially obscures that information, starring out many characters, but there were enough characters available, m••••n@me.com. Jackpot.

This was how the hack progressed. If I had some other account aside from an Apple e-mail address, or had used two-factor authentication for Gmail, everything would have stopped here. But using that Apple-run me.com e-mail account as a backup meant told the hacker I had an AppleID account, which meant I was vulnerable to being hacked.

“You honestly can get into any email associated with apple,” Phobia claimed in an e-mail. And while it’s work, that seems to be largely true.

Since he already had the e-mail, all he needed was my billing address and the last four digits of my credit card number to have Apple’s tech support issue him the keys to my account.

So how did he get this vital information? He began with the easy one. He got the billing address by doing a whois search on my personal web domain. If someone doesn’t have a domain, you can also look up his or her information on Spokeo, WhitePages, and PeopleSmart.

Getting a credit card number is tricker, but it also relies on taking advantage of a company’s back-end systems. Phobia says that a partner performed this part of the hack, but described the technique to us, which we were able to verify via our own tech support phone calls. It’s remarkably easy — so easy that Wired was able to duplicate the exploit twice in minutes.

First you call Amazon and tell them you are the account holder, and want to add a credit card number to the account. All you need is the name on the account, an associated e-mail address, and the billing address. Amazon then allows you to input a new credit card. (Wired used a bogus credit card number from a website that generates fake card numbers that conform with the industry’s published self-check algorithm.) Then you hang up.

Next you call back, and tell Amazon that you’ve lost access to your account. Upon providing a name, billing address, and the new credit card number you gave the company on the prior call, Amazon will allow you to add a new e-mail address to the account. From here, you go to the Amazon website, and send a password reset to the new e-mail account. This allows you to see all the credit cards on file for the account — not the complete numbers, just the last four digits. But, as we know, Apple only needs those last four digits. We asked Amazon to comment on its security policy, but didn’t have anything to share by press time.

And it’s also worth noting that one wouldn’t have to call Amazon to pull this off. Your pizza guy could do the same thing, for example. If you have an AppleID, every time you call Pizza Hut, you’ve giving the 16-year-old on the other end of the line all he needs to take over your entire digital life.

And so, with my name, address, and the last four digits of my credit card number in hand, Phobia called AppleCare, and my digital life was laid waste. Yet still I was actually quite fortunate.

They could have used my e-mail accounts to gain access to my online banking, or financial services. They could have used them to contact other people, and socially engineer them as well. As Ed Bott pointed out on TWiT.tv, my years as a technology journalist have put some very influential people in my address book. They could have been victimized too.

Instead, the hackers just wanted to embarrass me, have some fun at my expense, and enrage my followers on Twitter by trolling.

I had done some pretty stupid things. Things you shouldn’t do.

I should have been regularly backing up my MacBook. Because I wasn’t doing that, if all the photos from the first year and a half of my daughter’s life are ultimately lost, I will have only myself to blame. I shouldn’t have daisy-chained two such vital accounts — my Google and my iCloud account — together. I shouldn’t have used the same e-mail prefix across multiple accounts — mhonan@gmail.com, mhonan@me.com, and mhonan@wired.com. And I should have had a recovery address that’s only used for recovery without being tied to core services.

But, mostly, I shouldn’t have used Find My Mac. Find My iPhone has been a brilliant Apple service. If you lose your iPhone, or have it stolen, the service lets you see where it is on a map. The New York Times’ David Pogue recovered his lost iPhone just last week thanks to the service. And so, when Apple introduced Find My Mac in the update to its Lion operating system last year, I added that to my iCloud options too.

After all, as a reporter, often on the go, my laptop is my most important tool.

But as a friend pointed out to me, while that service makes sense for phones (which are quite likely to be lost) it makes less sense for computers. You are almost certainly more likely to have your computer accessed remotely than physically. And even worse is the way Find My Mac is implemented.

When you perform a remote hard drive wipe on Find my Mac, the system asks you to create a four-digit PIN so that the process can be reversed. But here’s the thing: If someone else performs that wipe — someone who gained access to your iCloud account through malicious means — there’s no way for you to enter that PIN.

A better way to have this set up would be to require a second method of authentication when Find My Mac is initially set up. If this were the case, someone who was able to get into an iCloud account wouldn’t be able to remotely wipe devices with malicious intent. It would also mean that you could potentially have a way to stop a remote wipe in progress.

But that’s not how it works. And Apple would not comment as to whether stronger authentification is being considered.

As of Monday, both of these exploits used by the hackers were still functioning. Wired was able to duplicate them. Apple says its internal tech support processes weren’t followed, and this is how my account was compromised. However, this contradicts what AppleCare told me twice that weekend. If that is, in fact, the case — that I was the victim of Apple not following its own internal processes — then the problem is widespread.

I asked Phobia why he did this to me. His answer wasn’t satisfying. He says he likes to publicize security exploits, so companies will fix them. He says it’s the same reason he told me how it was done. He claims his partner in the attack was the person who wiped my MacBook. Phobia expressed remorse for this, and says he would have stopped it had he known.

“yea i really am a nice guy idk why i do some of the things i do,” he told me via AIM. “idk my goal is to get it out there to other people so eventually every1 can over come hackers”

I asked specifically about the photos of my little girl, which are, to me, the greatest tragedy in all this. Unless I can recover those photos via data recovery services, they are gone forever. On AIM, I asked him if he was sorry for doing that. Phobia replied, “even though i wasnt the one that did it i feel sorry about that. Thats alot of memories im only 19 but if my parents lost and the footage of me and pics i would be beyond sad and im sure they would be too.”

But let’s say he did know, and failed to stop it. Hell, for the sake of argument, let’s say he did it. Let’s say he pulled the trigger. The weird thing is, I’m not even especially angry at Phobia, or his partner in the attack. I’m mostly mad at myself. I’m mad as hell for not backing up my data. I’m sad, and shocked, and feel that I am ultimately to blame for that loss.

But I’m also upset that this ecosystem that I’ve placed so much of my trust in has let me down so thoroughly. I’m angry that Amazon makes it so remarkably easy to allow someone into your account, which has obvious financial consequences. And then there’s Apple. I bought into the Apple account system originally to buy songs at 99 cents a pop, and over the years that same ID has evolved into a single point of entry that controls my phones, tablets, computers and data-driven life. With this AppleID, someone can make thousands of dollars of purchases in an instant, or do damage at a cost that you can’t put a price on.

Part 2: How I Resurrected My Digital Life After an Epic Hacking

When my data died, it was the cloud that killed it. The triggers hackers used to break into my accounts and delete my files were all cloud-based services — iCloud, Google, and Amazon. Some pundits have latched onto this detail to indict our era of cloud computing. Yet just as the cloud enabled my disaster, so too was it my salvation.Yes, you can die by the cloud. But you can live by it too. Here’s how I regained my digital life after it was taken away from me.

When hackers broke into my iCloud account and wiped my devices, my first assumption was that someone had broken into my local network. So the first thing I did was shut down the internet and turn off all of my other machines. I wanted those assholes out of my house. But that also meant I had no way to send or receive data.

AppleCare’s phone support was useless. The 90 fruitless minutes I spent on the phone accomplished nothing at all to regain control of my AppleID. Nor did a follow-up help to stop the remote wipe taking over my MacBook Air. I had to get online. So to reconstruct my life, I started off by going next door, where I borrowed my neighbor’s computer to use their internet.

Ultimately, I was able to get back into my iCloud account by resetting the password online. Once I did, I began restoring my iPhone and iPad from iCloud backups. The phone took seven hours to restore. The iPad took even longer. I could use neither during this time.

From my wife’s phone, I called my bank and completely changed my logins. Then I set about checking online to see which other accounts might have been compromised. By now I felt safe turning on our own home internet and using one of my other computers to check these accounts. But I hit an immediate problem: I didn’t know any of my passwords.

I’m a heavy 1Password user. I use it for everything. That means most of my passwords are long, alphanumeric strings of gibberish with random symbols. It’s on my iPhone, iPad and Macbook. It syncs up across all those devices because I store the keychain in the cloud on Dropbox. Update a password on my phone, and the file is saved on Dropbox, where my computer will pull it down later, and vice versa.

But I didn’t have it on any of our other systems. So now I couldn’t get to my keychain. And so I was stuck in a catch-22. My Dropbox password was itself a 1password-generated litany of nonsense. Without access to Dropbox, I couldn’t get my keychain. Without my keychain, I couldn’t get into Dropbox.

And then I remembered that I had also used Dropbox previously on my wife’s machine. Had I stored the password there?

Five hours after the hack started, still locked out of everything, I flipped open the lid of her computer, and nervously powered it up. And there it was: my Dropbox. And in it, my 1Password keychain, the gateway to my digital life.

It was time to get cranking. I set up a new Twitter account. And then, with my now-found password manager, I logged into Tumblr.

Here’s the thing: I probably got my stuff back faster than you would have. I’ve been a technology journalist for more than a dozen years, and in that time I’ve made lots and lots of contacts. Meanwhile, my Tumblr post spread like warm butter across the piping hot English muffin of the internet.

A lot of people saw the post, some of whom were executives or engineers at Google and Twitter. I still had to go through official channels, but they pointed me to the right place to start the recovery process on both of those services. On Friday night, I filled out forms on both sites (Google’s is here, Twitter’s is here) to try to reclaim my accounts.Someone else saw my posts on that night too: my hacker.

I had posited that the hackers had gotten in via brute forcing my 7-digit password. This caused my hacker, Phobia, to respond to me. No, he bragged, brute force wasn’t involved. They got it right from AppleCare, he said via a Twitter DM. I still didn’t know how that worked, exactly, but this piece of information led me to start digging.As it turned out, breaking into Apple accounts was ridiculously easy. On Saturday, when I fully understood just how Phobia and his partner had gotten in (and how easily it could happen again), I made a distressed phone call to Apple to ask that the company lock everything down, and issue no more password resets.

It was on this call that I confirmed someone else had called in about my account at 4:33 p.m. the previous day — someone who I now knew to be Phobia. Chandler McDonald, the tech who helped me on that call, was the first person at Apple to take what was happening really seriously, and was one of only two positive experiences I had with Apple that weekend (or since). McDonald reassured me that he was going to get my account locked down, and promised to call me the next day. And he did. I’m still grateful.

Also on Friday night, I began the process of restoring my Google account. Because I couldn’t send a backup to my now non-functioning phone, I had to fill out some forms online that asked me questions about my account usage that, presumably, only I would know. For example, I was asked to name the five people I e-mailed the most.On Saturday morning, I received an automated e-mail from Google asking me to go online and define even more personal information. This time, I was asked for things like the names of folders in my Gmail account, and the dates on which I had set up various other Google accounts, like Google Docs. It was a little flummoxing, and I wasn’t sure I knew the answers to these questions. But I tried, and I guess I got the answers right.

That same day, while still waiting for access to my Google account, I was having another Google-related problem that was keeping me from being able to use my phone. Although the restore from backup was complete, and I could use over-the-air data to access internet services, it would not send or receive calls. At first I couldn’t understand why, and then realized it was because I had linked my number to Google Voice.

Since Google has integrated sign-ons across all accounts, not only was my Gmail nuked, but so was every other associated Google service as well. That meant my Google Voice number was dead. And because I (obviously) couldn’t log into Google Voice, I couldn’t opt to disconnect it from my phone. I called Sprint and asked the tech support rep there to do it for me. Done.

Almost immediately, my phone lit up with text messages from concerned friends, wanting to let me know I’d been hacked.

Thanks guys, I know. I know.

Just before noon on Saturday, my Google account was restored. Given what I’ve subsequently learned about how long it has taken others to do the same, I think that had my case not been escalated, this process could have taken 48 hours or more. Yes, I went through the normal steps, and had to prove I was who I claimed to be, but the process was likely faster for me than it would be for most.

Once in my inbox, I saw how remarkably little the intruders had done. They had torched the joint just after getting a password reset on Twitter. I went through and checked all my mail filters and settings to make sure new messages wouldn’t be also copied to someone else without my knowledge, and systematically revoked every single app and website I’d authorized to connect to my Google account.

Saturday night, after verifying my Wired e-mail address and exchanging several e-mails with tech support, I got back into my Twitter account too. It was in ruins. There were racist and anti-gay tweets all over the place, as well as taunting remarks aimed at other hackers, and other users. At first I left these up, just as documentation, but then went in and deleted the worst of them.

That night, I stayed up late, direct-messaging Phobia on Twitter.

Sunday afternoon, I found myself at the Apple Store in San Francisco’s worst mall. I was, to say the least, cranky. Although I’d called on a Friday night, the first appointment I could get was at 1 p.m. on Sunday. By 1:20 p.m., I was talking to an Apple genius named Max. He was awesome. He’d heard of my case.

He told me that while Apple couldn’t recover my data, it could probably stop the wipe from progressing further. There was the 4-digit PIN that needed to be entered, as well as a firmware-level password, and I had neither. I told him all I cared about was preserving my data. He scurried away with my machine.

And indeed, Monday afternoon, Max called to let me know that they had been able to reset the firmware password. They couldn’t crack the PIN, but he said I should be able to pull whatever data existed on there off. Good news. I began researching data-recovery firms.

Getting data back from a SSD drive, like the one in my MacBook Air, is considerably trickier than recovering it from a standard HDD for all kinds of reasons — from the way SSDs reallocate data, to the lack of a physical platter, to hardware-level encryption keys. I wasn’t about to attempt to recover it myself. Max, my guy at the Apple Store, had suggested that I call DriveSavers. Several other people I know and respect, like TWiT’s Leo Laporte, whose show I appeared on that weekend, told me the same thing.

And so, on Friday, exactly one week after my system was wiped, I sent my Mac away to Novato to see what could be recovered from the drive hackers had wiped.

In a nutshell, here’s what happens when you take your machine to DriveSavers (and we’ll have a full rundown on this later). First, they remove your drive from the machine and put it in a custom adapter. From there they use a proprietary method to image your system and copy that data to a secure “slicked” disk so there’s no chance of data contamination. This is done extremely rapidly so that the original drive doesn’t have to be powered up for very long.

Next they put the original drive aside to preserve it, and then begin working off the copy to see what’s on there. In some cases, like mine, there are no more files or directory structures to pore over. So they scour the drives looking at raw hex data. When you see this in action, it looks a lot like The Matrix, with rows and rows of random numbers and characters scrolling up a screen, faster than your eyes can focus on.

Except, that’s not what they saw on mine.

When Drivesavers began looking at my machine, the first 6GB of data held a clean install of Mac OS X. And after that, all they saw was row after row after row of zeroes. That data had been zeroed out. Overwritten. No recovery.

And then numbers. That beautiful hex data started rolling across the screen. Yes, 25 percent of my drive was gone and beyond repair. But the remaining 75 percent? Hope for life. DriveSavers called me to come look at what they had found, and my wife and I drove up there on Wednesday morning.

My data came back to me on an external hard drive, organized by file types. The thing I cared most about, above all else, was my photo library. And there, in a folder full of JPGs, was photo after photo after photo that I had feared were gone forever. Subfolders were organized by the year, month and day files were created. I went immediately to the folder that bore the date my daughter was born. They were there. Everything was there. We were floored. I nearly cried.

I am an over-sharer. But the things most intimate in life, I tend to keep private. And so although I have posted picture after picture to Flickr, Facebook and Instagram, the stuff that was really important — the stuff that maybe even was most important — has always been mine alone. It lived nowhere but on my hard drive.

Some of the photos were ancient artifacts that traveled with me from machine to machine with each upgrade cycle. In fact, much of the data was far older than the last device it was stored on. Most of those older images had been backed up to an external hard drive. And some of the newer ones were safe on PhotoStream, one of Apple’s iCloud services. But most of the shots that I had taken with my camera over the past 20 months since I last backed up were lost forever. And here they were again, recovered. Reborn. It was gorgeous.

I didn’t get everything back. DriveSavers was only looking for the things I specifically requested. I’ve lost all my applications, for example, as well as long-established preferences and settings that have been moving from machine to machine with me. But that’s OK. I can live without them. I can buy them again. Whatever. Besides, sometimes it’s nice to start with a clean slate, and I spent yesterday installing a new, clean operating system on my MacBook Air.

The bottom line is that I have all my photos and all the home movies I’ve shot. Every one of them. And seemingly all of my most important documents as well. That felt like a miracle.

The bill for all this? $1,690. Data doesn’t come cheap.

I’ve been asked again and again what I’ve learned, and what I now do differently. I’m still figuring some of that out.

I’m certainly a backup believer now. When you control your data locally, and have it stored redundantly, no one can take it from you. Not permanently, at least. I’ve now got a local and online backup solution, and I’m about to add a second off-site backup into that mix. That means I’ll have four copies of everything important to me. Overkill? Probably. But I’m once bitten.

And then there’s the cloud. I’m a bigger believer in cloud services than ever before. Because I use Rdio, not iTunes, I had all my music right away. Because I use Evernote to take reporting notes, everything that I was currently working on still existed. Dropbox and 1Password re-opened every door for me in a way that would have been impossible if I were just storing passwords locally via my browser.

But I’m also a security convert.

It’s shameful that Apple has asked its users to put so much trust in its cloud services, and not put better security mechanisms in place to protect them. AppleIDs are too easily reset, which effectively makes iCloud a data security nightmare. I’ve had person after person after person report similar instances to me, some providing documentation showing how easily their Apple accounts were compromised.

And due to Apple’s opacity, I have no way of knowing if things have improved. Apple has refused to tell me in what ways its policies weren’t followed “completely” in my case. Despite being an Apple user for nearly 20 years and having generally positive feelings toward the company, I no longer trust it to do the right thing in terms of protecting my data. I’ve turned off its Find My services and won’t turn them back on.

Amazon also had a glaring security flaw, and although it has fixed that exploit, the flaw’s mere existence should serve as a warning to all of us about all of our other accounts. We don’t often know what’s required to issue a password reset, or have someone get into our account through a company’s tech support system.But hackers do.

I’m working on another story looking at how widespread these practices are, and while there’s much reporting left to be done, it’s already very clear that the vulnerabilities at Amazon aren’t unique. It’s also clear that many of these gaping security holes are common knowledge within certain communities online. Bored teenagers up late on hot summer nights know more about social engineering exploits than I would wager most of the executives at affected companies do. That needs to change.

Previously, when I had the option for ease-of-use versus security, I always went the easy route. I stored my credit cards with the merchants I used for faster transactions. I didn’t enable two-factor authentication on Google or Facebook. I never set up dedicated (and secret) e-mail accounts for password management. I take those steps now. But I also know that no matter what security measures I take, they can all be undone by factors beyond my control.

We don’t own our account security. And as more information about us lives online in ever more locations, we have to make sure that those we entrust it with have taken the necessary steps to keep us safe. That’s not happening now. And until it does, what happened to me could happen to you.

2:41pm ESTBy Joseph MennSAN FRANCISCO (Reuters) - An unprecedented debate over how the global Internet is governed is set to dominate a meeting of officials in Dubai next week, with many countries pushing to give a United Nations body broad regulatory powers even as the United States and others contend such a move could mean the end of the open Internet.The 12-day conference of the International Telecommunications Union, a 147-year-old organization that's now an arm of the United Nations, largely pits revenue-seeking developing countries and authoritarian regimes that want more control over Internet content against U.S. policymakers and private Net companies that prefer the status quo.Many of the proposals have drawn fury from free-speech and human-rights advocates and have prompted resolutions from the U.S. Congress and the European Parliament, calling for the current decentralized system of governance to remain in place.

While specifics of some of the most contentious proposals remain secret, leaked drafts show that Russia is seeking rules giving individual countries broad permission to shape the content and structure of the Internet within their borders, while a group of Arab countries is advocating universal identification of Internet users. Some developing countries and telecom providers, meanwhile, want to make content providers pay for Internet transmission.

Fundamentally, most of the 193 countries in the ITU seem eager to enshrine the idea that the U.N. agency, rather than today's hodgepodge of private companies and nonprofit groups, should govern the Internet. They say that a new regime is needed to deal with the surge in cybercrime and more recent military attacks.

The ITU meeting, which aims to update a longstanding treaty on how telecom companies interact across borders, will also tackle other topics such as extending wireless coverage into rural areas.

If a majority of the ITU countries approve U.N. dominion over the Internet along with onerous rules, a backlash could lead to battles in Western countries over whether to ratify the treaty, with tech companies rallying ordinary Internet users against it and some telecom carriers supporting it.

In fact, dozens of countries including China, Russia and some Arab states, already restrict Internet access within their own borders. Those governments would have greater leverage over Internet content and service providers if the changes were backed up by international agreement.

Amid the escalating rhetoric, search king Google last week asked users to "pledge your support for the free and open Internet" on social media, raising the specter of a grassroots outpouring of the sort that blocked American copyright legislation and a global anti-piracy treaty earlier this year.

Google's Vint Cerf, the ordinarily diplomatic co-author of the basic protocol for Internet data, denounced the proposed new rules as hopeless efforts by some governments and state-controlled telecom authorities to assert their power.

"These persistent attempts are just evidence that this breed of dinosaurs, with their pea-sized brains, hasn't figured out that they are dead yet, because the signal hasn't traveled up their long necks," Cerf told Reuters.

The ITU's top official, Secretary-General Hamadoun Touré, sought to downplay the concerns in a separate interview, stressing to Reuters that even though updates to the treaty could be approved by a simple majority, in practice nothing will be adopted without near-unanimity.

"Voting means winners and losers. We can't afford that in the ITU," said Touré, a former satellite engineer from Mali who was educated in Russia.Touré predicted that only "light-touch" regulation on cyber-security will emerge by "consensus", using a deliberately vague term that implies something between a majority and unanimity.

He rejected criticism that the ITU's historic role in coordinating phone carriers leaves it unfit to corral the unruly Internet, comparing the Web to a transportation system.

"Because you own the roads, you don't own the cars and especially not the goods they are transporting. But when you buy a car you don't buy the road," Touré said. "You need to know the number of cars and their size and weight so you can build the bridges and set the right number of lanes. You need light-touch regulation to set down a few traffic lights."

Because the proposals from Russia, China and others are more extreme, Touré has been able to cast mild regulation as a compromise accommodating nearly everyone.

Two leaked Russian proposals say nations should have the sovereign right "to regulate the national Internet segment". An August draft proposal from a group of 17 Arab countries called for transmission recipients to receive "identity information" about the senders, potentially endangering the anonymity of political dissidents, among others.A U.S. State Department envoy to the gathering and Cerf agreed with Touré that there is unlikely to be any drastic change emerging from Dubai.

"The decisions are going to be by consensus," said U.S. delegation chief Terry Kramer. He said anti-anonymity measures such as mandatory Internet address tracing won't be adopted because of opposition by the United States and others.

"We're a strong voice, given a lot of the heritage," Kramer said, referring to the United States' role in the development of the Internet. "A lot of European markets are very similar, and a lot of Asian counties are supportive, except China."

Despite the reassuring words, a fresh leak over the weekend showed that the ITU's top managers viewed a badly split conference as a realistic prospect less than three months ago.

The leaked program for a "senior management retreat" for the ITU in early September included a summary discussion of the most probable outcomes from Dubai, concluding that the two likeliest scenarios involved major reworkings of the treaty that the United States would then refuse to sign. The only difference between the scenarios lay in how many other developed countries sided with the Americans.

An ITU spokesman said Tuesday that "the management team has never doubted that consensus will be found" and that the scenarios were meant to aid efforts at facilitating the process.

Touré said that because the disagreements are so vast, the conference probably will end up with something resembling the ITU's earlier formula for trying to protect children online — an agreement to cooperate more and share laws and best practices, perhaps with hotlines to head off misunderstandings.

"From Dubai, what I personally expect is to see some kind of principles saying cyberspace is a global phenomenon and it can only have global responses," Touré said. "I just intend to put down some key principles there that will lay the seeds for something in the future."

Even vague terms could be used as a pretext for more oppressive policies in various countries, though, and activists and industry leaders fear those countries might also band together by region to offer very different Internet experiences.

In some ways, the U.N. involvement reflects a reversal that has already begun.

The United States has steadily diminished its official role in Internet governance, and many nations have stepped up their filtering and surveillance. More than 40 countries now filter the Net that their citizens see, said Ronald Deibert, a University of Toronto political science professor and authority on international conflicts in cyberspace.

Google Executive Chairman Eric Schmidt said this month that the Net is already on the road to Balkanization, with people in different countries getting very different experiences from the services provided by Google, Skype and others.

This month, a new law in Russia took effect that allows the federal government to order a Website offline without a court hearing. Iran recently rolled out a version of the Internet that replaced the real thing within its borders. A growing number of countries, including China and India, order sites to censor themselves for political, religious and other content.

China, which has the world's largest number of Internet users, also blocks access to Facebook, YouTube and Twitter among other sites within its borders.

The loose governance of the Net currently depends on the non-profit ICANN, which oversees the Web's address system, along with voluntary standard-setting bodies and a patchwork of national laws and regional agreements. Many countries see it as a U.S.-dominated system.The U.S. isolation within the ITU is exacerbated by it being home to many of the biggest technology companies - and by the fact that it could have military reasons for wanting to preserve online anonymity. The Internet emerged as a critical military domain with the 2010 discovery of Stuxnet, a computer worm developed at least in part by the United States that attacked Iran's nuclear program.

Whatever the outcome in Dubai, the conference stands a good chance of becoming a historic turning point for the Internet.

"I see this as a constitutional moment for global cyberspace, where we can stand back and say, `Who should be in charge?' said Deibert. "What are the rules of the road?"(Reporting by Joseph Menn; Editing by Jonathan Weber, Martin Howell, Ken Wills and Andrew Hay)

The End Of The Free Internet?By DICK MORRISPublished on DickMorris.com on December 7, 2012

Click Here To Sign The Petition To Stop UN Control Of The Internet!

Until now, the work of the UN negotiators who are pondering how to regulate the Internet has been shrouded in secrecy. But as 1,950 delegates from 193 countries gather this week in Dubai to consider 900 proposals to regulate the Internet, their game is becoming clear.

The Russian-educated head of the International Telecommunications Union (ITU), the UN body seeking to control the Internet, Dr. Hamadoun Toure says: "The brutal truth is that the internet remains largely [the] rich world's privilege." He adds that "the ITU wants to change that."

Here's how:The ITU wants to force companies -- and eventually their users (us) -- to pay for streaming video. The proposal is called "pay to stream" or "a quality based model." According to the BBC, "This would see firms face charges if they wanted to ensure streamed video and other quality-critical content download without the risk of problems such as jerky images." Presumably the revenues from this Internet Tax would go to building up Net infrastructure in the less developed world. And, undoubtedly, the cost will be passed onto the users throughout the world -- including you!

But building up the Net's third world infrastructure is not the real agenda here. It's a facade.

Russia and China want firms like Google to have to pay to send streaming video into other countries, creating a charge that can be passed on to the users. The idea is to make it so expensive that nobody in their totalitarian countries downloads anything they shouldn't which might open their eyes to the truth Moscow and Beijing want to keep out.

The ITU is now charged with regulating long distance phone services. But Moscow and Beijing, want to expand its power to dictate to the Internet and they have a willing tool in Toure who was educated in Leningrad and Moscow in the pre-glasnost era.

The delegates and would-be regulators have until December 14th to agree on which proposals to adopt. Russia and China are seeking a declaration that each nation has an "equal right to manage the Internet" to enhance its ability to block politically free sites.

Fortunately, the European Union's digital agenda commissioner Neelie Kroes has tweeted that "the internet works, it doesn't need to be regulated by ITR Treaty." And Vinton Cerf, the computer scientist who co-designed some of the Internet's core underlying protocols, says "a state-controlled system of regulation is not only unnecessary, it would almost invariable raise costs and prices and interfere with the rapid and organic growth of the internet."

Cerf notes that "only governments have a voice at the ITU...engineers, companies, and the people that build and use the web have no vote."

And so it would be if these talks lead to a new treaty: Only governments will run the Net. God help us all!

(NONE of this is being covered by American media, whether cable, broadcast, or print). Please send this column around to your family and friends and encourage them to sign the petition protesting Internet regulation!)Click Here To Sign The Petition To Stop UN Control Of The Internet!

In a referendum among the world's two billion Internet users, how many would vote to transfer control of the Internet to the United Nations? Perhaps 100,000, an estimate based on the number of top officials ruling the most authoritarian countries, whose power is threatened by the open Web.

Under the one country, one vote rule of the U.N., these 100,000 people trump the rest of the two billion. It only takes a majority of the 193 countries in the U.N. to hijack the Internet.

The International Telecommunications Union is hosting a conference in Dubai, where many countries are eager to extend the agency's role beyond telecommunications to regulate the Internet. The two-week conference is half over, with meddlesome proposals from China, Russia and other authoritarian regimes dominating the discussion.

A U.S.-Canadian proposal would have limited topics to telecommunications, excluding the Internet. Top U.S. negotiator Terry Kramer said in a call with the media last week that the State Department believes that "fundamentally, the conference should not be dealing with the Internet" and that the U.S. team was working "day and night" to find allies. But State didn't respond to my follow-up question asking for an estimate of how many countries have pledged to keep hands off the Internet. This is likely a low percentage of the 193.

Instead, authoritarian governments want to legitimize government censorship, tax Internet traffic that crosses national boundaries and mandate that ITU bureaucrats replace the nongovernmental engineering groups now smoothly running the Internet.

Enlarge Image

European Pressphoto AgencySecretary General of the (ITU), Hamadoun Toure of Mali, speaks during plenary session at World Conference on International Telecommunications (WCIT), in Dubai..The good news is rare bipartisan opposition in the U.S., where the House last week voted unanimously to "keep the Internet free from government control." In that spirit, this column is happy to report on a speech by Andrew McLaughlin, a former deputy chief technology officer in the Obama administration who also worked at Google GOOG +0.86% . He urged President Obama to "kneecap" the ITU, abolishing it rather than let it put the open Internet at risk.

"What is so bad about the ITU?" Mr. McLaughlin asked in a speech to the New America Foundation in Washington on Nov. 29. "It's just simple things like the nature, structure, culture, values and processes of the ITU. They are all inimical to a free and open Internet, and they are all inconsistent with the nature of the technical infrastructure that now characterizes our communications networks." Voting rules let repressive governments "engage in horse trading that has nothing to do with the technical merits of the decisions under consideration."

Mr. McLaughlin cited the "soft corruption" of the ITU, where regulators and the monopoly telecommunications companies from many countries "get to take nice trips to Geneva on a regular basis, and people build their careers around the ITU as a gravy train." This is "yet another reason it should be killed off in its current form." The ITU could be closed if the U.S. did the hard work to persuade other countries to assign its functions to private groups under the successful nongovernmental model of the Internet.

"You need look no further than the fact that the ITU is the chosen vehicle for regimes for whom the free and open Internet is seen as an existential threat—Russia, China, Iran, Uzbekistan, Saudi Arabia, Vietnam, Belarus and Cuba. These are the countries placing their hopes and ambitions in the vessel of the ITU for governance and regulation of the Internet," Mr. McLaughlin said.

"I hate to say this in such a stark way, but I will anyway: It strikes me that the Obama administration, coming from the left in the U.S., where I come from, has an opportunity to be the Nixon that goes to the China of trying to kneecap a useless, inimical, bloated, bureaucratic and corrupt international organization like the ITU. I hope they will take this challenge."

A kneecapping sounds about right, and Mr. McLaughlin has given his former boss excellent talking points. He concluded: "There's also a symbolic importance to winding down a centralized, government-centric treaty organization in the context of a new communications network that doesn't need it, and in fact is harmed by it."

The U.S. can refuse to join any new ITU treaty arising from this conference, but today's largely open and global Internet would become a paradise lost. Many countries would sign the treaty to put roadblocks along global networks, monitor email and censor and tax foreign websites they find threatening. A global communications utility will be fragmented and made less robust for all.

A generation ago, President Ronald Reagan stymied similar efforts by another U.N. agency. Authoritarian governments had used Unesco to suppress free speech under the rubric of a "New Information World Order." The U.S., joined by Britain, delegitimized the effort by leaving Unesco.

President Obama would be a hero if he took Mr. McLaughlin's advice to neutralize the ITU. Failing this, he could follow the Reagan precedent, minimizing the harm done by the ITU by having the U.S. leave.

A version of this article appeared December 10, 2012, on page A19 in the U.S. edition of The Wall Street Journal, with the headline: Would-Be Internet Regulators Need Deleting.

America's First Big Digital Defeat A majority of the 193 U.N. member countries have approved a treaty giving governments new powers to close off access to the Internet in their countries.By L. GORDON CROVITZ

The open Internet, available to people around the world without the permission of any government, was a great liberation. It was also too good to last. Authoritarian governments this month won the first battle to close off parts of the Internet.

At the just-concluded conference of the International Telecommunications Union in Dubai, the U.S. and its allies got outmaneuvered. The ITU conference was highly technical, which may be why the media outside of tech blogs paid little attention, but the result is noteworthy: A majority of the 193 United Nations member countries approved a treaty giving governments new powers to close off access to the Internet in their countries.

U.S. diplomats were shocked by the result, but they shouldn't have been surprised. Authoritarian regimes, led by Russia and China, have long schemed to use the U.N. to claim control over today's borderless Internet, whose open, decentralized architecture makes it hard for these countries to close their people off entirely. In the run-up to the conference, dozens of secret proposals by authoritarian governments were leaked online.

ITU head Hamadoun Touré, a Mali native trained in the Soviet Union, had assured that his agency operates by consensus, not by majority vote. He also pledged that the ITU had no interest beyond telecommunications to include the Internet. He kept neither promise.

A vote was called late one night last week in Dubai—at first described as a nonbinding "feel of the room on who will accept"—on a draft giving countries new power over the Internet.

The result was 89 countries in favor, with 55 against. The authoritarian majority included Russia, China, Arab countries, Iran and much of Africa. Under the rules of the ITU, the treaty takes effect in 2015 for these countries. Countries that opposed it are not bound by it, but Internet users in free countries will also suffer as global networks split into two camps—one open, one closed.

The U.S. delegation never understood this conference was fundamentally a battle in what might be called the Digital Cold War. Russia and China had long been lobbying for votes, but U.S. opposition got serious only at the conference itself. Even then, Mr. Touré claimed he thought the U.S. would support the ITU treaty: "I couldn't imagine that at the end they wouldn't sign."

The treaty document extends control over Internet companies, not just telecoms. It declares: "All governments should have an equal role and responsibility for international Internet governance." This is a complete reversal of the privately managed Internet. Authoritarian governments will invoke U.N. authority to take control over access to the Internet, making it harder for their citizens to get around national firewalls. They now have the U.N.'s blessing to censor, monitor traffic, and prosecute troublemakers.

Internet users in still-open countries will be harmed, too. Today's smoothly functioning system includes 40,000 privately managed networks among 425,000 global routes that ignore national boundaries. Expect these networks to be split by a digital Iron Curtain. The Internet will become less resilient. Websites will no longer be global.

Under the perverse U.N. definition of progress, Mr. Touré is delighted with the ITU undermining the open Internet. "History will show that this conference has achieved something extremely important," he said. "It has succeeded in bringing unprecedented public attention to the different and important perspectives that govern global communications." The treaty calls on countries to "elaborate" their views on the Internet at future ITU conferences, so these issues are here to stay.

Robert McDowell, a Republican member of the Federal Communications Commission, summarized the harm. "Consumers everywhere will ultimately pay the price for this power grab as engineers and entrepreneurs try to navigate this new era of an internationally politicized Internet," he said. "Let's never be slow to respond again."

One lesson is that the best defense of the Internet is a good offense against an overreaching U.N. The majority of authoritarian governments in a one-country, one-vote system will keep chipping away at the open Internet. The best way to stop them is to abolish the ITU.

As outlined in last week's column, former Obama administration technology adviser Andrew McLaughlin proposes applying the nongovernmental model now operating the Internet to the telecommunications industry as well. That would make the ITU unnecessary. Both houses of Congress voted unanimously against any ITU treaty endangering the open Internet. One expects lawmakers would happily support the Obama administration if it gathers the resolve to abolish the U.N. agency.

Just as during the last Cold War, the clash over the future of the Internet will have many battles across many fronts. Authoritarian governments are highly motivated to close the Internet off. But just as in the Cold War, these regimes are doomed to lose if free countries resolve to fight. Whatever governments want, people prefer freedom and eventually will get it, including on the Internet.

The sun can put on quite a show, with violent storms releasing large amounts of electromagnetic energy into the solar system. With increased reliance on satellite-based communication, the vulnerability to disruption from solar storms and flares increases. Because the sun is currently in a period of relatively high activity, expected to peak in 2013, solar storm warnings will likely be more frequent in the coming year. However, despite the increasing frequency of bursts of electromagnetic energy from the sun, the possibility of a direct hit by a truly debilitating storm is still small, and the possibility of any other kind of disruptive electromagnetic pulse is even smaller.

Analysis

If energy from solar storms comes into contact with Earth's magnetic field, it can increase radiation levels and disturb the ionosphere. These effects have the ability to disrupt satellite operations, radio transmissions, GPS and cellular communications, and damage electrical equipment on the ground. For example, electromagnetic energy from a solar storm in 1989 caused widespread power outages throughout Quebec.

On Feb. 19, a very large sunspot appeared and grew to six times the size of Earth within 48 hours. The spot remains unstable and could result in solar storms. These storms, which release the electromagnetic energy that could eventually come into contact with Earth, are not all of the same intensity. Traditionally, solar flares -- a type of solar storm -- are ranked: the strongest flares are labeled X, the weakest flares are labeled C, and those in the middle are labeled M. As technology has become more incorporated into daily life, and satellites have transitioned into a more commercial role, the National Oceanic and Atmospheric Administration has developed a scale that allows the general public to better understand the impacts of these storms. A numbering system of 1-5 indicates severity, with 5 being the most severe, while letters indicate how the storm is interacting with Earth and its surrounding magnetic field. G indicates a geomagnetic storm and corresponding disturbance in Earth's magnetic field, which can cause problems with electrical grids on the ground. S indicates an increase in radiation levels, and R refers to radio blackouts that result from disturbances in the ionosphere, often caused by solar flares.

NASA and the National Oceanic and Atmospheric Administration monitor space weather and are somewhat capable of predicting solar storms. Space weather forecasts, while still subject to some level of uncertainty, have improved greatly in recent years, allowing scientists to predict the arrival times of storms fairly accurately. The forecast through Feb. 24 gave a 40 percent chance for an M flare and a 10 percent chance for an X flare. The probability of an R3 or higher blackout, which could cause radio outages for an hour or more on the sun side of Earth, was 5 percent or less through Feb. 24. The possibility of a severe geomagnetic storm was 1 percent. NASA's predictions, put in layman's terms, were for Feb. 22 and Feb. 23 to be "quiet to unsettled" with Feb. 24 "quiet." Such forecasts could become more common in the coming year.

. Activity on the sun is not constant. Sunspot occurrences have increased since 2010, and the sun currently is near its maximum point in the 11-year cycle. Multiple large storms were reported in 2012, but at worst they led to minor disruptions -- primarily in air travel -- but no major disturbances. However, ongoing levels of increased activity could make sporadic communications interruptions more likely. An increase in activity could also bring the possibility of disruption to electrical grids and satellite activity to the forefront of the mainstream media.

The threat of electromagnetic pulses is often brought up in relation to an act of terrorism. However, Stratfor has long held the position that this risk is extremely small. Space is the most likely source of an electromagnetic disturbance.

Satellites are able to withstand most solar storms, although some minor problems with computer subsystems are possible. An extremely severe electromagnetic storm, sometimes referred to as a 100-year storm, would have the ability to disrupt the electrical grid on the ground. There is some debate within the United States about whether the cost of completely hardening the electrical grid against such a storm is justified. An EMP Commission report released in 2008 concluded that the United States' electrical grid was vulnerable to electromagnetic energy, and the U.S. Department of Defense has estimated that retrofitting all military electrical equipment could cost as much as 10 percent of the initial cost. However, the electrical grid's vulnerability means that if a severe solar storm hit, widespread power outages could result.

However, the likelihood of a solar storm being both strong enough and correctly positioned to do this is very small. Storms this severe only appear a few times during the sun's 11-year cycle. Still, smaller communications disruptions are possible, especially since the world is becoming more and more dependent on technology. In short, communications and navigational systems are the most likely casualties of this year's increased solar activity.

This is not to belittle the possible detriment of communications disruptions. Equipment used to direct strategic military activity, among other things, could be affected. Disruptions could also have short-term political and economic consequences for affected nations, given the unknown effects of even a minor disturbance in global communications. Much of modern life revolves around cellular and positioning technology. A strong solar storm could create inconveniences, but a doomsday situation -- especially the use of an electromagnetic pulse in a terrorist attack -- is extremely unlikely.

Happy Independence Day to our American readers, wherever they might be.

While you're enjoying friends, family, and that charbroiled steak, perhaps this is also a good time to take stock of your own state of independence. To ponder your privacy, or lack thereof, and what you might do about it.

For the record, the word "privacy" doesn't appear in the Declaration of Independence, nor anywhere in the Constitution. It's difficult at this late date to divine whether the authors of those documents had any real notion of the term or thought it worth protecting. Nevertheless, we can draw some inferences from what they did write.

The Fourth Amendment declares that "the right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue but on probable cause." The Fifth Amendment adds that no person "shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty or property without due process of law."

An overarching right to be left alone certainly seems implied.

But what about personal electronic communications—a concept that could hardly have existed in the 18th century. Should they also be secure? That's the question before us as a society. It's been a big one for a long time now, even though it only makes the front pages when an Edward Snowden type appears.

Snowden might be the current flavor of the day, but many of his revelations are little more than yesterday's news. For example, investigative reporter Kurt Eichenwald, in his book 500 Days: Secrets and Lies in the Terror Wars, revealed how the NSA's questionable mass surveillance program—what he calls "the most dramatic expansion of NSA's power and authority in the agency's 49-year history"—was devised just days after 9/11, as an end run around the traditional requirements of the Foreign Intelligence Surveillance Act (FISA).

Formerly, FISA demanded that an individual warrant be obtained if the government wanted to monitor Americans communicating overseas. But the Baby Bush administration unilaterally swept that aside. The new presidential directive granted the NSA the power to gather unlimited numbers of emails and phone calls into a database for analysis, all without the approval of Congress or any court. (Not to put everything on Dubya—Obama has essentially doubled down on this encroachment.)

Moving the surveillance totally onshore was a breeze from there. Connections between a suspect email address abroad and anyone else—accounts that either sent or received messages, whether in the United States or not—would be subject to examination. At that point, a more detailed list could be constructed, ensnaring any email addresses contacted by the suspect, and then any addresses contacted by those addresses, and so on without end.

More specifics came from whistleblower William Binney, a 30-year veteran of the NSA. Binney, who resigned from the agency in 2012 because of the dubious nature of its activities, volunteered the first public description of NSA's massive domestic spying program, called Stellar Wind, which intercepts domestic communications without protections for US citizens. Binney revealed that NSA has been given access to telecommunications companies' domestic and international billing records, and that since 9/11 the agency has intercepted between 15 and 20 trillion communications. He further disclosed that Stellar Wind was filed under the patriotic-sounding "Terrorist Surveillance Program" in order to give cover to its Constitutionally questionable nature.

We also can't pretend to be shocked just because we now know PRISM's name. The government has long employed techniques which they hide behind euphemisms like "full pipe monitoring," "sentiment analysis," and "association mapping." These involve concurrent surveillance of both email and social media, in order to build a detailed map of how evolving movements are organized. Political protests receive extremely close scrutiny, with information about them shared among federal, state, and local law enforcement officials. This is what happened with the "Occupy" demonstrations, where everything participants did was watched, every communication was recorded, and all of it was filed away for future reference. Everyone involved is now the subject of a government dossier.

Even if you're not part of a political movement, heaven help you if get caught up in some vast fishing expedition that hooks everyone who has ever visited some "suspicious" website, or even merely typed in some alarm-bell keywords.

Nor has the value of this kind of information gathering been lost on politicians. In fact, the presidential race of 2012 will likely go down as the first one in history—and it won't be the last—that was decided by who had the better Internet sniffers. Both the Romney and Obama campaigns continuously stalked voters across the Web, by installing cookies on their computers and observing the websites they visited as a means of nailing down their personal views. CampaignGrid, a Republican-affiliated firm, and Precision Network, working for the Democrats, jointly collected data on 150 million American Internet users. That's a full 80% of the entire registered voting population, for those keeping score.

Cellphones are another rich source of user data, especially when it comes to apps. If you download one, you grant to the vendor the right to gather all sorts of personal information. But then, you knew that when you read the "Permissions" document—you did read it, right?—so at least you know you can opt out.

Forget about turning off your phone's location-tracking feature (which a mere 19% of us do, Pew says). Regardless of whether it's on or off, your wireless carrier knows (and keeps a record of) where your phone is at all times it's connected to the cell network. Carriers can be forced to surrender the information to law enforcement, not to mention that they've been rather less than forthcoming about what else they may be doing with this data.

Anyone who thinks the government's ultimate goal is not to intercept and archive our every digital message, oral or written—or that it doesn't have that capability—needs to be aware of what's happening in Bluffdale, Utah, AKA the middle of nowhere. There, NSA contractors (and only those with top secret clearances) are putting the finishing touches on a staggeringly huge decryption and data storage center. James Bamford, the country's leading civilian authority on the NSA, wrote inWired of the facility's purpose, which is no less than: "to intercept, decipher, analyze, and store vast swaths of the world's communications as they zap down from satellites and zip through the underground and undersea cables of international, foreign, and domestic networks."

Bluffdale will cost upwards of $2 billion and occupy a million square feet of space. Included will be four 25,000-square-foot halls filled with state-of-the-art supercomputers. The ultimate goal, Bamford says, is to construct a "worldwide communications network, known as the Global Information Grid, to handle yottabytes of data." (A yottabyte is a septillion, or 1024 bytes—it's so gigantic that no one has yet coined a colloquial term for the next higher order of magnitude.)

To gather up those yottabytes, the NSA has dotted the country with a network of buildings set up at key Internet junction points. According to William Binney, the wiretaps in these secret locations are powered by highly sophisticated software that conducts "deep packet inspection," which is the ability closely to examine traffic even as it streams through the Internet's backbone cables at 10 gigbytes per second.

Fortunately, the situation is impossible but not hopeless—because whenever technology gets too intrusive, the free market nearly always reacts with some kind of solution. And that's the case here. As the surveillers extended their reach, enterprising liberty lovers immediately began developing countermeasures.

Keep in mind, however, that the technologies outlined below can only lessen your shadow so much, catching a little less attention from the all-seeing eye of Sauron. No one solution provides perfect privacy, and when push comes to shove and a government official shows up with a warrant in hand, he or she will inevitably get access to anything needed.

The first area to consider addressing is the digital trail you leave when researching any topic that might be of concern to someone's prying eyes (or, for that matter, doing anything at all on the Internet which you don't want analyzed, packaged, and sold).

One option for dealing with this concern is Tor, which is free and open source. According to its website, the service was "originally developed … for the primary purpose of protecting government communications. Today, it is used every day for a wide variety of purposes by normal people, the military, journalists, law enforcement officers, activists, and many others."

Tor tackles the problem of traffic analysis head on:

"How does traffic analysis work? Internet data packets have two parts: a data payload and a header used for routing. The data payload is whatever is being sent, whether that's an email message, a web page, or an audio file. Even if you encrypt the data payload of your communications, traffic analysis still reveals a great deal about what you're doing and, possibly, what you're saying. That's because it focuses on the header, which discloses source, destination, size, timing, and so on…

"Some attackers spy on multiple parts of the Internet and use sophisticated statistical techniques to track the communications patterns of many different organizations and individuals. Encryption does not help against these attackers, since it only hides the content of Internet traffic, not the headers."

To combat this, Tor has created a distributed network of users called a VPN (virtual private network). All data packets on that network "take a random pathway through several relays that cover your tracks so no observer at any single point can tell where the data came from or where it's going."

One of the beauties of Tor is that it's packaged all up in single download. Just install the Tor browser—a privacy-tuned clone of the popular open-source Firefox browser—and it automatically manages all the networking for you. Surf in relative privacy with just a few clicks.

For more advanced users, there are options to route all kinds of activities through the network other than web browsing, such as Skype calls and file sharing.

Tor also offers Orbot, an Android application that allows mobile phone users to access the Web, instant messaging, and email without being monitored or blocked by a mobile ISP. It won't get you around those pesky data limits, but it will certainly reduce the amount of data your ISP can provide about you. If you find yourself in a region where access to certain services is restricted, it will open those options back up to you.

Cryptohippie is another site that utilizes the privacy capabilities of a VPN. According to the company, its subscription-based Road Warrior product "creates a strongly encrypted connection from your computer to the Cryptohippie anonymity network. From there, your traffic passes through at least two national jurisdictions, loses all association with your identifiers and emerges from our network at a distant location. But, even with all of this going on, you can surf, check your email, use Skype, and everything else exactly as you have been. Unless you reveal it yourself, no one can see who you are or what your data may be."

The service is well aware of the ever-present possibility of government interference with its operations. Thus Cryptohippie is truly international. Its only US presence is to authenticate connections to its servers in other countries. None of its servers are in the States.

(Of course, if you use Tor or Cryptohippie to log in to secured sites like Amazon or eBay, your activities at that end will still be logged to a database and associated with you, so don't delude yourself that such tools make you invisible. All they can do is keep your activity limited to the two parties involved—you and the computer or person on the other end—and keep outsiders from knowing that the conversation is taking place.)

These are highly sophisticated products. Perhaps you don't think you need that level of protection, but would just like to keep your browsing habits private. All of the major browsers, including Internet Explorer, Firefox, and Google Chrome, have a "clear browsing history" button. They also have "enable private browsing" functions that you can activate.

How much value these options actually have is questionable, but in any event they're not going to stop Google from archiving your searches, if that's the engine you use. (And who doesn't?) So if you don't want that, you can use a different search service, like DuckDuckGo, whose strict non-tracking policy is entertainingly presented in graphic form. Try it out in comparison to Google, and you'll find that the results are reasonably similar (although it seems odd at first not to have that strip of ads running down the right side of the screen). DuckDuckGo reports that it has seen a big increase in users since Snowden came forward.

Another area to consider addressing is your email. If you'd rather not have your email subject to daily inspection for "watchwords" our guardians consider inflammatory, one option is to use a foreign provider that will be less inclined to comply when Washington comes knocking with a "request" for user data. There are countless providers to choose from, including:• Swissmail.org, which is obviously domiciled in Switzerland;• Neomailbox.com, located in the Netherlands;• CounterMail.com in Sweden;• TrilightZone.org in the Netherlands, Luxembourg, Hong Kong, and Malaysia; and• Anonymousspeech.com, which boasts over 600,000 subscribers and is unusual in that it has no central location. "Our servers," the company says, "are constantly moving in different countries (Malaysia, Japan, Panama, etc.) and are always outside the US and Europe."Whichever provider you choose, just be sure they offer at least an SSL connection to its services at all times. That will stop someone from downloading your email right off the wire. Features like encrypted storage and domicile in a state known for protecting privacy are also nice features.

The latest entrant in the privacy space is Silent Circle, a company whose story is worth detailing, because it has placed itself squarely in the forefront of the clash between alleged governmental need-to-know and personal privacy rights.

Silent Circle's CEO is Mike Janke, a former Navy SEAL commando and international security contractor who has gathered around him a megastar cast of techies, including most prominently, the legendary Phil Zimmermann, godfather of private data encryption and creator of the original PGP, which remains the world's most-utilized security system. Also on board are Jon Callas, the man behind Apple's whole-disk encryption, which is used to secure hard drives in Macs across the world; and Vincent Moscaritolo, a top cryptographic engineer who previously worked on PGP and for Apple.

The team hit the ground running last October with the introduction of its first product, an easy-to-use, surveillance-resistant communications platform that could be employed on an iPhone or iPad to encrypt mobile communications—text messages plus voice and video calls.

In order to avoid potential sanctions from Uncle Sam, Silent Circle was incorporated offshore, with an initial network build-out in Canada; it has plans to expand to Switzerland and Hong Kong.

Silent Circle immediately attracted attention from news organizations, nine of which signed on to protect their journalists' and sources' safety in delicate situations. A major multinational corporation ordered some 18,000 subscriptions for its staff. Intelligence and law enforcement agencies in nine countries have expressed interest in using the company to protect the communications of their own employees.

As Ryan Gallagher wrote in Slate:

"The technology uses a sophisticated peer-to-peer encryption technique that allows users to send encrypted files of up to 60 megabytes through a 'Silent Text' app. The sender of the file can set it on a timer so that it will automatically 'burn'—deleting it from both devices after a set period of, say, seven minutes. Until now, sending encrypted documents has been frustratingly difficult for anyone who isn't a sophisticated technology user, requiring knowledge of how to use and install various kinds of specialist software. What Silent Circle has done is to remove these hurdles, essentially democratizing encryption. It's a game-changer that will almost certainly make life easier and safer for journalists, dissidents, diplomats, and companies trying to evade state surveillance or corporate espionage."

The burn feature is extraordinarily valuable. It can mean the difference between life and death for someone who uses a phone to film an atrocity in a danger zone and transmits it to a safe remote location. Seven minutes later, it disappears from the source, even if the phone is seized and its contents examined.

Additionally, Silent Circle "doesn't retain metadata (such as times and dates calls are made using Silent Circle), and IP server logs showing who is visiting the Silent Circle website are currently held for only seven days. The same privacy-by-design approach will be adopted to protect the security of users' encrypted files. When a user sends a picture or document, it will be encrypted, digitally 'shredded' into thousands of pieces, and temporarily stored in a 'Secure Cloud Broker' until it is transmitted to the recipient. Silent Circle ... has no way of accessing the encrypted files because the 'key' to open them is held on the users' devices and then deleted after it has been used to open the files."

The Silent Suite, a subscription to which costs US $20/month, covers the communications spectrum with four features:

Silent Phone works on iPhone, iPad, Android, Galaxy, and Nexus, and provides encrypted, P2P, HD mobile voice and video over 3G, 4G, Edge, and WiFi, "with almost no latency" and no possibility of anyone (including the company) listening or wiretapping. The cryptographic keys involved are destroyed at the end of the call.

Silent Eyes allows for encrypted HD video and voice transmission using a laptop or desktop device. It's compatible with all Windows operating systems.

Silent Mail encrypts email with PGP Universal. It will run on smartphones, tablets, and computers using existing mail programs such as Outlook and Mac Mail. Absolute privacy is ensured with a silentmail.com email address and 1 Gb of encrypted storage.

This is not intended as an endorsement of Silent Circle, although we heartily approve of what the company is trying to do, and the other above references by no means represent an exhaustive guide to securing your communications. But they will point you in the right direction and perhaps spur you to action. A basic search will turn up dozens more options. Carefully study what each offers, read reviews from sources you trust, determine the service best suited to your particular needs, then just sign up.

However, we all have to accept the cold, hard fact of the matter, which is that this cat-and-mouse game is likely to be with us for a very long time. Those who believe they have the right to spy on us will develop ever more sophisticated ways of doing it. Those who believe we have a Constitutional right to privacy will fight tooth and nail to protect it.

It's possible that the one side eventually will develop an unstoppable offense or that the other will come up with a defense that can't be breached. But that's not the way to bet.

In the end, technology is completely neutral. It will evolve with no regard to how it is used. Expect those cats and mice to continue chasing each other, around and around and around. And make do with the best that is available to you at any given time.

America’s research universities, among the most open and robust centers of information exchange in the world, are increasingly coming under cyberattack, most of it thought to be from China, with millions of hacking attempts weekly. Campuses are being forced to tighten security, constrict their culture of openness and try to determine what has been stolen.

Bill Mellon of the University of Wisconsin said the school has seen as many as 100,000 hacking attempts a day from China.

University officials concede that some of the hacking attempts have succeeded. But they have declined to reveal specifics, other than those involving the theft of personal data like Social Security numbers. They acknowledge that they often do not learn of break-ins until much later, if ever, and that even after discovering the breaches they may not be able to tell what was taken.

Universities and their professors are awarded thousands of patents each year, some with vast potential value, in fields as disparate as prescription drugs, computer chips, fuel cells, aircraft and medical devices.

“The attacks are increasing exponentially, and so is the sophistication, and I think it’s outpaced our ability to respond,” said Rodney J. Petersen, who heads the cybersecurity program at Educause, a nonprofit alliance of schools and technology companies. “So everyone’s investing a lot more resources in detecting this, so we learn of even more incidents we wouldn’t have known about before.”

Tracy B. Mitrano, the director of information technology policy at Cornell University, said that detection was “probably our greatest area of concern, that the hackers’ ability to detect vulnerabilities and penetrate them without being detected has increased sharply.”

Like many of her counterparts, she said that while the largest number of attacks appeared to have originated in China, hackers have become adept at bouncing their work around the world. Officials do not know whether the hackers are private or governmental. A request for comment from the Chinese Embassy in Washington was not immediately answered.

Analysts can track where communications come from — a region, a service provider, sometimes even a user’s specific Internet address. But hackers often route their penetration attempts through multiple computers, even multiple countries, and the targeted organizations rarely go to the effort and expense — often fruitless — of trying to trace the origins. American government officials, security experts and university and corporate officials nonetheless say that China is clearly the leading source of efforts to steal information, but attributing individual attacks to specific people, groups or places is rare.

The increased threat of hacking has forced many universities to rethink the basic structure of their computer networks and their open style, though officials say they are resisting the temptation to create a fortress with high digital walls.

“A university environment is very different from a corporation or a government agency, because of the kind of openness and free flow of information you’re trying to promote,” said David J. Shaw, the chief information security officer at Purdue University. “The researchers want to collaborate with others, inside and outside the university, and to share their discoveries.”

Some universities no longer allow their professors to take laptops to certain countries, and that should be a standard practice, said James A. Lewis, a senior fellow at the Center for Strategic and International Studies, a policy group in Washington. “There are some countries, including China, where the minute you connect to a network, everything will be copied, or something will be planted on your computer in hopes that you’ll take that computer back home and connect to your home network, and then they’re in there,” he said. “Academics aren’t used to thinking that way.”

Bill Mellon of the University of Wisconsin said that when he set out to overhaul computer security recently, he was stunned by the sheer volume of hacking attempts.

“We get 90,000 to 100,000 attempts per day, from China alone, to penetrate our system,” said Mr. Mellon, the associate dean for research policy. “There are also a lot from Russia, and recently a lot from Vietnam, but it’s primarily China.”

Other universities report a similar number of attacks and say the figure is doubling every few years. What worries them most is the growing sophistication of the assault.

For corporations, cyberattacks have become a major concern, as they find evidence of persistent hacking by well-organized groups around the world — often suspected of being state-sponsored — that are looking to steal information that has commercial, political or national security value. The New York Times disclosed in January that hackers with possible links to the Chinese military had penetrated its computer systems, apparently looking for the sources of material embarrassing to China’s leaders.

This kind of industrial espionage has become a sticking point in United States-China relations, with the Obama administration complaining of organized cybertheft of trade secrets, and Chinese officials pointing to revelations of American spying. ==============================================

Like major corporations, universities develop intellectual property that can turn into valuable products like prescription drugs or computer chips. But university systems are harder to secure, with thousands of students and staff members logging in with their own computers.Readers’ Comments

Mr. Shaw, of Purdue, said that he and many of his counterparts had accepted that the external shells of their systems must remain somewhat porous. The most sensitive data can be housed in the equivalent of smaller vaults that are harder to access and harder to move within, use data encryption, and sometimes are not even connected to the larger campus network, particularly when the work involves dangerous pathogens or research that could turn into weapons systems.

“It’s sort of the opposite of the corporate structure,” which is often tougher to enter but easier to navigate, said Paul Rivers, manager of system and network security at the University of California, Berkeley. “We treat the overall Berkeley network as just as hostile as the Internet outside.”

Berkeley’s cybersecurity budget, already in the millions of dollars, has doubled since last year, responding to what Larry Conrad, the associate vice chancellor and chief information officer, said were “millions of attempted break-ins every single week.”

Mr. Shaw, who arrived at Purdue last year, said, “I’ve had no resistance to any increased investment in security that I’ve advocated so far.” Mr. Mellon, at Wisconsin, said his university was spending more than $1 million to upgrade computer security in just one program, which works with infectious diseases.

Along with increased spending has come an array of policy changes, often after consultation with the F.B.I. Every research university contacted said it was in frequent contact with the bureau, which has programs specifically to advise universities on safeguarding data. The F.B.I. did not respond to requests to discuss those efforts.

Not all of the potential threats are digital. In April, a researcher from China who was working at the Medical College of Wisconsin was arrested and charged with trying to steal a cancer-fighting compound and related data.

Last year, Mr. Mellon said, Wisconsin began telling faculty members not to take their laptops and cellphones abroad, for fear of hacking. Most universities have not gone that far, but many say they have become more vigilant about urging professors to follow federal rules that prohibit taking some kinds of sensitive data out of the country, or have imposed their own restrictions, tighter than the government’s. Still others require that employees returning from abroad have their computers scrubbed by professionals.

That kind of precaution has been standard for some corporations and government agencies for a few years, but it is newer to academia.

Information officers say they have also learned the hard way that when a software publisher like Oracle or Microsoft announces that it has discovered a security vulnerability and has developed a “patch” to correct it, systems need to apply the patch right away. As soon as such a hole is disclosed, hacker groups begin designing programs to take advantage of it, hoping to release new attacks before people and organizations get around to installing the patch.

“The time between when a vulnerability is announced and when we see attempts to exploit it has become extremely small,” said Mr. Conrad, of Berkeley. “It’s days. Sometimes hours.”

M.T. Anderson’s novel Feed is an uncanny exploration of our (inevitable?) future, in which most of the U.S. population has a “software/wetware interface,” so that online data is accessible directly through our brains. Anderson’s work chronicles the personal and social effects of an increasingly “wired” community, providing a valuable map for the range of potential human dysfunction we should watch for, think about, and preempt.

The main character in Feed, Titus, along with his various friends and relations, broadly experience what sociologist Max Weber called “disenchantment” with the world, a reduction in their appreciation of its mystery, wonder, and beauty. The instant gratification and ready stimulus of the feed induces a jaded, disappointed attitude captured by the novel’s very first line: “We went to the moon to have fun, but the moon turned out to completely suck.”

Imagine for a second you're a terrorist intent on inflicting unimaginable harm on your enemy. Now let's further imagine that your enemy is the United States...The sun rises over your holy mother land, a land now inhabited by the infidels. You don your Kalishnikov, climb out of your cave, scan the skies searching for drones. Stroking your beard you wonder what the virgins do with their time between incoming martyrs. Then you contemplate how you might go about your Jihadist day, seeking (un)holy vengeance against the great Satan?

You pose a grave danger to the citizens of the United States - their government tells you so - you've seen it on CNN (satellite dish in the cave, of course). This brings you immense satisfaction and pride.

As you survey some stray goats wandering the barren hillside you're troubled as to how this can be so. Your options appear severely limited.

1. You could capture a passing, stray American NGO, decapitate them on video and post it for the world to see - along with a mouth frothing, unintelligible rant in a language few understand. Impact negligible...and lots of time spent stalking, capturing, struggling with your victim, etc. Then there's the whole decapitation thing...messy, very messy. Best to go back inside the cave and smoke your fine Afghan Hashish.

2. You consider another popular option. You could find yourself a locale full of infidels, oh say maybe a heavily-fortified US military base, strap a bomb to your ass and rush the gates. Impact better...however this one takes a bit of planning - gotta make sure not to blow the bomb in any practice runs. Then of course there's the nagging question as to whether the virgins really exist. Maybe a rethink is in order.

Sitting comfortably back in your cave you fire up the satellite dish and tune in to watch Wolf. To your amazement you find that you don't actually have to do anything! Your wildest fantasies are coming true...OK, not all; the virgins remain as elusive as ever.

What you find is that your enemy is being dealt some terrible blows without your having to do much more than smoke, herd and stare at your sandals - which you realise really do need replacing.

The damage is being done not by swish bang fighter jets from an invading army, not by any Jihadist bombers with scant regard for their innards, nor from any of your fellow sky-gazing, bearded, cave-dwelling brethren.

No, instead these blows come from none other than your enemies very own National Security Agency. The very chaps entrusted to protect the citizens of the great Satan!

To understand how this works, lets take a step back and consider what has allowed America to become so powerful.

In a phrase, "economic dominance". It is how the United States won the cold war and how it grew to be the greatest nation on earth. Capitalism was allowed to do what it inevitably does...create wealth. Sadly enough

It costs money to become a military power. $695.7 billion at last count. More than any other nation on earth. A truly astonishingly, grotesque amount of waste to be sure. Pretty sure we could have eradicated poverty and disease with that "war chest" by now!

Financing this military machine, and indeed the entire government structure has to come from somewhere. Debt is one avenue, and whooboy are they using that particular lever. In the long run this will destroy the ability to wage wars. Hope springs eternal...

But let's look at what effect the NSA's forcing of US companies to corrupt their systems and provide illegal spying capabilities is now doing to America.

The US technology industry is by far the biggest in the world. However, consumers both in the US and especially outside its borders are beginning to realise what Ladar Levison, the founder of Lavabit meant when he said:

"This experience has taught me one very important lesson: without congressional action or astrong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States."

I thought about these comments when talking with a businessman in Asia yesterday. He said to me:

Petrobras was spied on. Visa has a back door...as does SWIFT. Forget Skype, Facebook, Twitter, even the sacred Apple has been complicit!

Dilma Rousseff, Brazil's President cancelled a trip to the US until Mr. Obama can give her a satisfactory answer as to why a country that is supposedly a "friend" of the US is being spied on. According to the BBC:

"Brazilian President Dilma Rousseff has called off a state visit to Washington next month in a row over allegations of US espionage."

Oooooh, someone is in trouble!

So, what do you do if you're a businessman with proprietary information that needs to be stored and shared? Parchment and quills won't work. You're still going to have to use technology, the only question is what technology and from where.

US technology companies that deal with data, Internet, etc, just like the US government, are increasingly being viewed as something that nobody in their right mind wants anything to do with. Pariahs, really.

While I don't personally use it, I would now never even consider using any Microsoft software. I'm even thinking of ditching my Mac. I don't use a smartphone - never have. Why take the risk?

Convenience? Hmmmm, how convenient is a tax audit or a crazy stalker? Wait, those are the same thing, right?

In regards to using Windows for example...there are a myriad of competing options, many of them superior in quality. Not to mention, I don't want to reward a company that treats me with disrespect, lies to me and steals my private information...allegedly of course. I'm their customer, yet they abuse me? No thank you.

From a macro perspective this has the potential to be far bigger than most realise, and I'm seeing the repercussions begin to unfold as normal, everyday people come to understand what exactly the threats are, and what they mean!

The danger of a government spying on you does not stop at simply analysing your spending habits and sharing that information with the tax department, who then cross check it with your tax bill, though this IS happening.

The risks run deep my friends, and even though the cat is out of the bag, it seems a non-event to the NSA and the US government. It's business as usual. I don't believe history is going to look back on these shenanigans kindly.

This is a trend worth following because fortunes are going to be lost - and made - as this continues to play itself out.

On a more personal level we can and must take steps NOW to protect ourselves. This involves carefully chosen hardware, software and understanding what our "digital self" looks like and how to go about protecting it.

Our friend and colleague “John”, an anarchocryptologist (is that a word?) by his own admission, has kindly put together a two-part report on laying the ground work for protecting your "digital self." Part I was released on Tuesday, and the ink has just dried on Part 2.

You can get a copy of both parts by clicking here

So, if you, like us believe that our privacy is worth protecting, that spying governments are not as benign as they suggest, then I encourage you to read it. It's FREE, unlike most of us any longer.

If not, then feel free to go back to the Kardashians and your bag of Cheetos, while updating your Facebook status and Instagram'ing the world a picture of your double bacon burger...with cheese.

You'll be just fine...really.

- Chris

"Civilization is the progress toward a society of privacy. The savage's whole existence is public, ruled by the laws of his tribe. Civilization is the process of setting man free from men." - Ayn Rand

This confirms what I suspect about tallies of hits on yahoo, google, twitter etc. When I see "trending now" on yahoo and see a lot of celebrities who are being pushed on us in the news such I wonder if many, perhaps most of the supposed generated "hit" are not computer generated by interests financially tied to those celebrities. I guess there could be less nefarious reasons behind the phoney generated "hits" such as programs that search certain terms etc. but I think it less likely an accident:

but on political needs. If this does not put a chill on those who think the NSA stuff is a big threat to freedom nothing will. I know the other posters on the board think Snowden is a rat. And that is ok. You all have a big valid argument. I just come down on the other side I guess cause I have an emotional response to surveillance. To me he is a hero. But the internet is the battleground of the future (as is space). So there is a good reason for the NSA/military to try to have more control over it. In any case this should be impeachable:

Another day, another judicial rebuke to the Obama Administration's abusive rule-making habits. On Tuesday, a three-judge panel of the D.C. Circuit tossed out as illegal the Federal Communications Commission's bald attempt to regulate the Internet.

For those keeping score at home, that means the FCC is now zero for two in its attempts to impose "net neutrality" rules on the Internet. Net neutrality travels under the guise of ordering Internet service providers like Verizon VZ +0.11% and Comcast CMCSA +1.25% not to discriminate against content providers. In reality it's a government attempt to dictate how these providers must manage their Internet pipes and how much they can charge companies for using those pipes.

Silicon Valley kingpins like net neutrality because it means Verizon can't charge Google's GOOG +2.35% YouTube or Netflix NFLX +0.34% more for using more capacity or faster speeds. This makes no more economic sense than forcing a cable company to charge one price no matter how many channels a consumer subscribes to, or saying a retailer can't charge more for two dresses than for one. It also means less innovation and slower broadband rollout because Internet companies are less sure of their return on investment.

President Obama nonetheless made net neutrality one of his 2008 campaign pledges, but he tried and failed to get even a Democratic Congress to pass legislation. No matter, because former FCC Chairman Julius Genachowski took up the dirty work and jammed the rule through the commission on a partisan 3-2 vote in December 2010.

Now the three judges, two of them Democratic appointees, have concluded that this power grab exceeded the FCC's legal authority as some of us argued at the time. Their ruling throws out the entire regulation except for its disclosure requirements.

Alas, there is a catch in Wednesday's ruling, as Judge Laurence Silberman noted in his separate opinion. Judge Silberman agreed with Judges David Tatel and Judith Rogers on overturning the rules. But he dissented from Judge Tatel's majority opinion that offers the FCC a loophole for further regulation by saying the agency has the power to regulate the Internet as long as it doesn't treat service providers the way it does common telephone carriers.

Judge Silberman notes that the FCC could return to exploit this, and he explains with an extensive legal and economic analysis why he thinks this interpretation is wrong. The good news is that this offers other judges a legal road map for opposing the Tatel-Rogers logic if the FCC tempts the law by trying to reimpose net neutrality.

It's also a warning to new FCC Chairman Tom Wheeler, a liberal and net neutrality devotee, that he should think twice about seeking review of Wednesday's ruling by either the entire D.C. Circuit or the Supreme Court. Judge Silberman carries a bigger legal stick than his two comrades.

Mr. Wheeler would be better off to accept strike two and move on. An appeal risks an even bigger judicial smackdown if the Supreme Court sides with Mr. Silberman, and passing another rule would take months and a great deal of political capital. As former FCC Commissioner Robert McDowell notes nearby, the FCC and other federal agencies have plenty of other regulatory and enforcement power to police Internet abuses or anti-competitive behavior. These include antitrust and consumer protection laws.

The larger reality is that the Internet has succeeded in bringing an entire new world to consumers under the current light regulatory model. Broadband has spread to most of the country save its most rural areas, and content services are proliferating. The biggest obstacle to this progress would be political intervention that impeded innovation in the name of a false equity that serves only the giants of Silicon Valley. Mr. Wheeler shouldn't waste his tenure on a lost legal cause.

In typical Obama and the Progressive movement fashion we give up more and more to the "world community". As Newt asks? *Who are the stakeholders?*We all are if you ask me. I guess we are going to have an international tax now? So Americans can continue funding for the rest of the new world order?

*****U.S. to relinquish remaining control over the Internet

Joe Raedle/Getty Images - Pressure to let go of the final vestiges of U.S. authority over the system of Web addresses and domain names that organize the Internet has been building for more than a decade.

By Craig Timberg,

U.S. officials announced plans Friday to relinquish federal government control over the administration of the Internet, a move that pleased international critics but alarmed some business leaders and others who rely on the smooth functioning of the Web.

Pressure to let go of the final vestiges of U.S. authority over the system of Web addresses and domain names that organize the Internet has been building for more than a decade and was supercharged by the backlash last year to revelations about National Security Agency surveillance.

Move comes after revelations about National Security Agency surveillance.

The change would end the long-running contract between the Commerce Department and the Internet Corporation for Assigned Names and Numbers (ICANN), a California-based nonprofit group. That contract is set to expire next year but could be extended if the transition plan is not complete.

“We look forward to ICANN convening stakeholders across the global Internet community to craft an appropriate transition plan,” Lawrence E. Strickling, assistant secretary of commerce for communications and information, said in a statement.

The announcement received a passionate response, with some groups quickly embracing the change and others blasting it.

In a statement, Senate Commerce Committee Chairman John D. Rockefeller IV (D-W.Va.) called the move “consistent with other efforts the U.S. and our allies are making to promote a free and open Internet, and to preserve and advance the current multi-stakeholder model of global Internet governance.”

But former House speaker Newt Gingrich (R-Ga.) tweeted: “What is the global internet community that Obama wants to turn the internet over to? This risks foreign dictatorships defining the internet.”

The practical consequences of the decision were harder to immediately discern, especially with the details of the transition not yet clear. Politically, the move could alleviate rising global concerns that the United States essentially controls the Web and takes advantage of its oversight position to help spy on the rest of the world.

U.S. officials set several conditions and an indeterminate timeline for the transition from federal government authority, saying a new oversight system must be developed and win the trust of crucial stakeholders around the world. An international meeting to discuss the future of Internet is scheduled to start on March 23 in Singapore.

The move’s critics called the decision hasty and politically tinged, and voiced significant doubts about the fitness of ICANN to operate without U.S. oversight and beyond the bounds of U.S. law.

“This is a purely political bone that the U.S. is throwing,” said Garth Bruen, a security fellow at the Digital Citizens Alliance, a Washington-based advocacy group that combats online crime. “ICANN has made a lot of mistakes, and ICANN has not really been a good steward.”

Business groups and some others have long complained that ICANN’s decision-making was dominated by the interests of the industry that sells domain names and whose fees provide the vast majority of ICANN’s revenue. The U.S. government contract was a modest check against such abuses, critics said.

“It’s inconceivable that ICANN can be accountable to the whole world. That’s the equivalent of being accountable to no one,” said Steve DelBianco, executive director of NetChoice, a trade group representing major Internet commerce businesses.

U.S. officials said their decision had nothing to do with the NSA spying revelations and the worldwide controversy they sparked, saying there had been plans since ICANN’s creation in 1998 to eventually migrate it to international control.

“The timing is now right to start this transition both because ICANN as an organization has matured, and international support continues to grow for the multistakeholder model of Internet governance,” Strickling said in a statement.

Although ICANN is based in Southern California, governments worldwide have a say in the group’s decisions through an oversight body. ICANN in 2009 made an “Affirmation of Commitments” to the Commerce Department that covers several key issues.

Fadi Chehade, president of ICANN, disputed many of the complaints about the transition plan and promised an open, inclusive process to find a new international oversight structure for the group.

“Nothing will be done in any way to jeopardize the security and stability of the Internet,” he said.

The United States has long maintained authority over elements of the Internet, which grew from a Defense Department program that started in the 1960s. The relationship between the United States and ICANN has drawn wider international criticism in recent years, in part because big American companies such as Google, Facebook and Microsoft play such a central role in the Internet’s worldwide functioning. The NSA revelations exacerbated those concerns.

“This is a step in the right direction to resolve important international disputes about how the Internet is governed,” said Gene Kimmelman, president of Public Knowledge, a group that promotes open access to the Internet.

Verizon, one of the world’s biggest Internet providers, issued a statement saying, “A successful transition in the stewardship of these important functions to the global multi-stakeholder community would be a timely and positive step in the evolution of Internet governance.”

ICANN’s most important function is to oversee the assigning of Internet domains — such as dot-com, dot-edu and dot-gov — and ensure that the various companies and universities involved in directing digital traffic do so safely.

Concern about ICANN’s stewardship has spiked in recent years amid a massive and controversial expansion that is adding hundreds of new domains, such as dot-book, dot-gay and dot-sucks, to the Internet’s infrastructure. More than 1,000 new domains are slated to be made available, pumping far more fee revenue into ICANN.

Major corporations have complained, however, that con artists already swarm the Internet with phony Web sites designed to look like the authentic offerings of respected brands.

“To set ICANN so-called free is a very major step that should done with careful oversight,” said Dan Jaffe, executive vice president of the Association of National Advertisers. “We would be very concerned about that step.”

F.C.C., in ‘Net Neutrality’ Turnaround, Plans to Allow Fast Lane The Federal Communications Commission will propose new rules that allow Internet service providers to offer a faster lane through which to send video and other content to consumers, as long as a content company is willing to pay for it, according to people briefed on the proposals.The proposed rules are a complete turnaround for the F.C.C. on the subject of so-called net neutrality, the principle that Internet users should have equal ability to see any content they choose, and that no content providers should be discriminated against in providing their offerings to consumers.The F.C.C.’s previous rules governing net neutrality were thrown out by a federal appeals court this year. The court said those rules had essentially treated Internet service providers as public utilities, which violated a previous F.C.C. ruling that Internet links were not to be governed by the same strict regulation as telephone or electric service.The new rules, according to the people briefed on them, will allow a company like Comcast or Verizon to negotiate separately with each content company – like Netflix, Amazon, Disney or Google – and charge different companies different amounts for priority service.READ MORE »http://www.nytimes.com/2014/04/24/technology/fcc-new-net-neutrality-rules.html?emc=edit_na_20140423

The End of the Permissionless WebRegulators want to become the gatekeepers for Internet innovation.ByL. Gordon CrovitzUpdated May 4, 2014 6:52 p.m. ET

The first generation of the Internet did not go well for regulators. Despite early proposals to register websites and require government approval for business practices, the Internet in the U.S. developed largely without bureaucratic control and became an unstoppable engine of innovation and economic growth.

Regulators don't plan to make the same mistake with the next generation of innovations. Bureaucrats and prosecutors are moving in to undermine services that use the Internet in new ways to offer everything from getting a taxi to using self-driving cars to finding a place to stay.

What has made the Internet revolutionary is that it's permissionless. No one had to get approval from Washington or city hall to offer Google GOOGL -0.44% searches, Facebook FB +1.22% profiles or Apple AAPL +0.63% apps, as Adam Thierer of George Mason University notes in his new book, "Permissionless Innovation." A bipartisan consensus in the 1990s led Washington to allow commercial development of the Internet without onerous regulations. Unlike the earlier telecommunications and broadcasting industries, Internet entrepreneurs didn't need licenses to proceed, just good ideas.

"The central fault line in technology policy debates today can be thought of as 'the permission question,' " Mr. Thierer writes. "Must the creators of new technologies seek the blessing of public officials before they develop and deploy their innovations?" Before the Internet, regulatory systems were "overly rigid, bureaucratic, inflexible and slow to adapt to new realities," pre-empting the "beneficial experiments that yield new and better ways of doing things."

Some officials want to go back. In a recent New York Times NYT -0.26% opinion article, New York Attorney General Eric Schneiderman acknowledged that technology moves at a faster pace than laws can keep up. But instead of waiting to see if new rules are needed, he argues: "The only question is how long it will take for these cyber cowboys to realize that working with the sheriffs is both good business and the right thing to do."

Mr. Schneiderman has targeted Airbnb, an online service that lets users easily rent homes or apartments for short-term stays, giving travelers a new option. The hotel industry, concerned about being disrupted, is lobbying hard to kill the upstart. Mr. Schneiderman went to court demanding the names of people who rent out their homes to see if they violate any laws. Airbnb objects to this fishing expedition. With a valuation in the billions, the Silicon Valley company can afford lawyers to protect its customers, but costly regulatory overreach will inevitably suppress new startups from trying to compete.

Like Airbnb, mobile-phone app Uber creates a marketplace directly linking buyers and sellers—in its case, passengers and drivers—outside the ornate regulations of analog-era municipal taxi commissions. Brussels, Seattle and Miami have banned or strictly limited Uber cars. New York's Mr. Schneiderman objects to the company's practice of pricing more when demand is heavy. The alternative is severely restricted supply, as anyone knows who has tried to hail a cab in the rain.

The drone industry in the U.S. has been grounded because the Federal Aviation Administration has banned commercial use of drones pending new regulations. Meanwhile, countries such as Canada and Australia encourage drones. "As American regulators struggle to come up with a rulebook for the fast-moving industry," Toronto's Globe and Mail bragged recently, "Canada has emerged as perhaps the center of commercial drone technology—from Ontario farmlands to Alberta's oil sands."

Other examples include the Food and Drug Administration's scrutiny of 23andMe's marketing, which forced the company to stop offering health data from its at-home $99 genetics-analysis kit, and prohibitions against selling self-driving cars, which have left the U.S. in the dust behind less regulated Europe.

In his book, Mr. Thierer argues that regulations should be the last resort. The common law provides remedies for innovations that inadvertently cause harm without imposing prior restraint on innovation: "Under tort law, instead of asking for permission to introduce a potentially dangerous product, a firm must pay for the damages its dangerous product creates if it is found liable." If someone flies a drone recklessly or with a mounted camera that violates "peeping Tom" privacy laws, victims can sue for damages. Likewise, traditional contract law protects users of Airbnb and Uber to ensure that the services are honest.

The hardest thing for government regulators to do is to regulate less, which is why the development of the open-innovation Internet was a rare achievement. The regulation the digital economy needs most now is for permissionless innovation to become the default law of the land, not the exception.